6.5. CIPE Server Configuration

To set up the CIPE server, install the RPM package from the Red Hat Linux CD-ROM or via Red Hat Network.

Important

If you are using an older version of Red Hat Linux and/or have an older version of CIPE, you should upgrade to the latest version.

The next step is to copy the sample configuration files from /usr/share/doc/cipe-version/samples/ (where version is the version of CIPE installed on your system) to /etc/cipe/. Once they are copied, edit the /etc/cipe/options.cipcbx file (x is a number incremented from 0, for those who want more than one CIPE connection on the CIPE server) to include your LAN subnet addresses and publicly routable firewall IP addresses. The following is the example options file included with the Red Hat Linux CIPE RPM which, for this example, is renamed to options.cipcb0:

# Surprise, this file allows comments (but only on a line by themselves)
# This is probably the minimal set of options that has to be set
# Without a "device" line, the device is picked dynamically

# the peer's IP address
ptpaddr         6.5.4.3

# our CIPE device's IP address
ipaddr          6.7.8.9

# my UDP address. Note: if you set port 0 here, the system will pick
# one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
me              bigred.inka.de:6789

# ...and the UDP address we connect to. Of course no wildcards here.
peer            blackforest.inka.de:6543

# The static key. Keep this file secret!
# The key is 128 bits in hexadecimal notation.
key             xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The ptpaddr is the remote LAN's CIPE address. The ipaddr is the workstation's CIPE IP address. The me address is the client's publicly routable IP address that sends the UDP packets over the Internet, while peer is the publicly routable IP address of the CIPE server. Note that in the edited client file below, the client workstation's me address is 0.0.0.0 because it uses a dynamic connection. The CIPE client will handle the connection to the host CIPE server. The key field (represented by x's; your key should be secret) is the shared static key. This key must be the same for both peers or the connection will not be possible. See Section 6.8 CIPE Key Management for information on how to generate a shared static key for your CIPE machines.

Here is the edited /etc/cipe/options.cipcb0 that the client workstation will use:

ptpaddr        10.0.1.2
ipaddr         10.0.1.1
me             0.0.0.0
peer           LAN.EXAMPLE.COM:6969
key            123456ourlittlesecret7890shhhh

Here is the /etc/cipe/options.cipcb0 file for the CIPE server:

ptpaddr        10.0.1.1
ipaddr         10.0.1.2
me             LAN.EXAMPLE.COM:6969
peer           0.0.0.0
key            123456ourlittlesecret7890shhhh
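
As an added example (not part of the original guide or of CIPE itself), the following Python code checks the two option files above against the rules this section states: the same key on both peers, mirrored ptpaddr/ipaddr values, a client peer that matches the server's me, a key of 128 bits in hexadecimal as the sample file's comment describes, and a file that is kept secret. The function names and the permission rule (no group or other access) are assumptions of this example.

```python
import re
import stat

# Constructed sample inputs: the page's two option files, with its
# placeholder key left exactly as printed.
CLIENT = """\
ptpaddr        10.0.1.2
ipaddr         10.0.1.1
me             0.0.0.0
peer           LAN.EXAMPLE.COM:6969
key            123456ourlittlesecret7890shhhh
"""
SERVER = """\
# comments are allowed only on a line by themselves
ptpaddr        10.0.1.1
ipaddr         10.0.1.2
me             LAN.EXAMPLE.COM:6969
peer           0.0.0.0
key            123456ourlittlesecret7890shhhh
"""

def parse_options(text):
    """Return {option: value}, skipping blank lines and whole-line comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def check_pair(client, server):
    """List consistency problems between the two peers' option files."""
    problems = []
    for side, opts in (("client", client), ("server", server)):
        if not re.fullmatch(r"[0-9a-fA-F]{32}", opts.get("key", "")):
            problems.append(f"{side}: key is not 32 hex digits (128 bits)")
    if client.get("key") != server.get("key"):
        problems.append("key differs between peers")
    mirrored = (server.get("ipaddr"), server.get("ptpaddr"))
    if (client.get("ptpaddr"), client.get("ipaddr")) != mirrored:
        problems.append("ptpaddr/ipaddr are not mirrored")
    if client.get("peer") != server.get("me"):
        problems.append("client peer does not match server me")
    return problems

def too_permissive(mode):
    """True if group or others have any access to the options file."""
    return bool(stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO))
```

Pass the st_mode from os.stat() on /etc/cipe/options.cipcb0 to too_permissive() to check the file on a real system.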