CIPE-FAQ

This is a very incomplete collection of topics which already came up more than once on the CIPE mailing list.

General

How secure is CIPE? Which protocols are used?

CIPE uses the well-known cryptographic algorithms Blowfish and IDEA with a key length of 128 bits (as in many other common cryptographic applications, e.g. SSL). The protocols were specially designed; they are completely open and documented and have evolved based on input from public review. This is commonly believed to be the most secure approach in crypto protocol development.

While it is possible that there are specific attacks against the protocol (see next question), to date I know of no such attack which could fatally undermine the security of the CIPE system. If this is a meaningful classification, I would count it as "industry strength". There are three other commonly described levels of cryptographic strength: toy, military, and snake-oil. Don't believe anyone who claims "military strength" for any product. More info is in the excellent Snake Oil FAQ.

Are there known/possible attacks against CIPE?

Attacks come in two ways: attacks against the design of a system, and attacks against implementation errors.

The protocol documentation lists some possible attacks against the protocol design. These are mostly theoretical and/or at the denial-of-service level. It also describes measures against these attacks, but not all of them are actually implemented.

To date, one case of a potentially exploitable bug has been found, luckily in a version which was never widely used. Another bug has been found which could lead to denial-of-service attacks. Both have been fixed. Reports of bugs are described in the bugs section of the CIPE home page.

Is an old 486 fast enough to run CIPE?

Suffice it to say the original development for CIPE was done on a 386/25, and that machine was also in actual use for some time (not with heavy traffic though). That hardware would take some seconds to do the public key operations in PKCIPE, but the core CIPE code hasn't changed much since and should not need significantly more CPU power. It also does not need much memory - the module takes about 25k kernel space and 5k for each active device, one ciped is ~500k RSS.
This section is about the Linux version of CIPE; I don't know about the Windows one.

How does CIPE compare to other solutions?

CIPE serves (roughly) the same purpose as IPSEC: encryption/tunneling on the IP level. This is in contrast to SSL or SSH tunnels, which do tunneling of TCP connections. The lower-level solution is more universal: it can also handle UDP, ICMP, etc., while the TCP solution only applies to (preconfigured) TCP-based services, and not all of them are suitable for tunneling (FTP is an example of a protocol which is not easy to tunnel).

For this reason, people occasionally propose tunneling PPP (and thus IP) over an SSH or SSL connection. This should really be avoided because it has bad performance characteristics. Read this explanation.

As for CIPE vs. IPSEC, they should be equivalent security-wise, with CIPE giving a bit better performance because of the lightweight protocol. However, IPSEC is standardized and thus has better interoperability.

Usage scenarios

How can I run Windows file sharing over CIPE?

First, make sure your Windows network runs only TCP/IP. There is not much reason any more to use the other protocols, which are available mostly for compatibility with very old servers or clients. Using only one protocol is more efficient anyway.

The general problem with Windows networking in a network containing (any sort of) routers is that it relies on broadcasts for name resolution and browse lists, and routers usually don't pass broadcasts. Communication of machine names and browse lists (i.e. the lists you can see in the "Network Neighborhood" windows) across subnets requires the use of machines which run special services:

It is possible to use Windows NT machines or Samba for each of these tasks. The file BROWSING.txt from the Samba documentation explains how this works and how to set it up.

It is also necessary that all machines participating in the Windows network are configured to use the WINS server for name resolution.

How can I use a specific IP/port even when using PKCIPE?

You can use the me option in the peer public-key file (i.e. /etc/cipe/pk/peer) to set your own carrier address, as with static configuration. An IP address and/or port number specified as zero will be filled dynamically. So to bind to a specific IP address, use w.x.y.z:0; to bind to a specific port, use 0.0.0.0:p.

Can I run IPv6 over CIPE?

Yes, configure CIPE for protocol 4 and assign the device an IPv6 address in ip-up (using the iproute tools as you would for an Ethernet device). Also add a route to the peer as appropriate. Note that as soon as an Ethernet(-emulation) device goes up on an IPv6-capable system, the kernel starts sending neighbour and router solicitation messages over that device (even without assigning an actual IPv6 address!). These messages behave like pings to the CIPE link in that they can provoke errors. You probably need maxerr=-1.

Troubleshooting

opendev: alloc: <some error message>

(by far the most commonly reported problem)

This is almost certainly due to a mismatch between kernel and CIPE module. Make sure you have compiled the module against the right kernel headers, with the right compiler and options, etc.

This applies to any externally compiled module: a module must be compiled using the same compiler and options, and using the same, identically configured kernel header tree, as the kernel it will run on. Otherwise, it could use definitions of kernel data structures which don't agree with the running kernel, since these structures are configuration and compiler dependent. This is an easy way to cause kernel crashes.

If you compile your own kernel, always set the "Set version information on all symbols" (aka MODVERSIONS) option. It helps catch the errors from mismatching modules by refusing to load these modules.

CIPE connection is extremely slow over a modem line

Turn off modem compression (V.42bis). Compression hurts rather than helps for encrypted traffic, which cannot be compressed. Compression requires buffering some amount of data, which causes additional delay. The same applies to PPP compression (bsdcomp, etc.).

Van Jacobson TCP/IP header compression (also called CSLIP if you're still running SLIP) is a different thing: it does not affect CIPE in any way (it only compresses TCP packets). Turn it off if (and only if) you notice instabilities with unencrypted TCP connections.
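
The claim that encrypted traffic cannot be compressed can be measured directly. The following is an added example, not part of the original FAQ or of CIPE. It assumes a SHA-256 counter-mode keystream as a stand-in for CIPE's ciphers and zlib's DEFLATE as a stand-in for modem/PPP compression; the sample data and key are constructed.

```python
import hashlib
import zlib

# Constructed sample: repetitive text of the kind link compression handles well.
SAMPLE = (b"GET /index.html HTTP/1.0\r\nHost: intranet.example\r\n"
          b"Accept: text/html\r\n\r\n") * 40


def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode), NOT CIPE's Blowfish/IDEA.

    Assumption for illustration: any sound cipher yields output that looks
    like random bytes, which is the only property this demo depends on.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def compressed_size(data: bytes) -> int:
    """Bytes after DEFLATE at maximum effort (proxy for V.42bis/PPP compression)."""
    return len(zlib.compress(data, 9))


def compare(data: bytes = SAMPLE, key: bytes = b"constructed demo key") -> dict:
    """Return raw and compressed sizes for the plaintext and its ciphertext."""
    cipher = keystream_encrypt(key, data)
    return {
        "plain": len(data),
        "plain_compressed": compressed_size(data),
        "cipher": len(cipher),
        "cipher_compressed": compressed_size(cipher),
    }


if __name__ == "__main__":
    for name, size in compare().items():
        print(f"{name:18} {size:6d} bytes")
```

The plaintext shrinks to a small fraction of its size, while the ciphertext comes out slightly larger than it went in, so the compressor adds buffering delay and overhead without saving any bandwidth.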

Administrivia

I have stopped getting mail from cipe-l

If your mail bounces, you will get unsubscribed at some point. Among the bounce messages which land in the list master's mailbox are a lot of things like "relaying denied" or "your mail host is blocked due to sending spam". Fix your mail configuration and don't use bogus blacklists, and make sure your mail server is actually reachable. This also means: please don't use dynamic IP hosts as mail servers; that is bound to break and lose mail.

Another possible cause is that you run a (misconfigured) spam filter which flags list traffic as spam. Re-order your filters so that list traffic is sorted out before spam filtering (this is a good idea in any case).

Olaf Titz
2004-08-03