New README file for cipe

Sun Oct 5 06:00:54 UTC 2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

After spending a couple of hours trying to figure out cipe and how to use it 
with Redhat, i think I have put together a fairly comprehensive README. I 
intend this to be just a start, and I hope others who know more about cipe 
than myself will add notes and correct it where it is wrong.

I personally don't know how to configure the redhat routes so that I can 
direct traffic to networks through the newly configure cipe interface. I 
wil figure that out pretty soon and I may add a note about it to the README 
if people are interested.

There is also a patch for the /etc/sysconfig/network-scripts/ifdown-cipcb 
script attached. It addresses the attachment of "ifcfg-" to the CONFIG 
variable to match the behavior of 
/etc/sysconfig/network-scripts/ifup-cipcb.

- -- 
Jonathan Gardner
jgardner at jonathangardner.net
Live Free, Use Linux!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/f7OWWgwF3QvpWNwRAjvtAKCOCr8oWFJ0h5y8ygTRg6SociYMkwCgisHB
X15SFcreaKHKHFn4lx+7gik=
=77Zr
-----END PGP SIGNATURE-----
-------------- next part --------------
Configuring cipe with Redhat by Jonathan Gardner

1) Planning. You'll need to determine what the new IP addresses of the two
computers will be after the connection. You'll also need to know what ports
you will use on each host.

In my case, I am setting up a tunnel between atlas and jenner. I decide to use
port 6789 on atlas, and 6790 on jenner. I also decide to give the IP address
of 192.168.0.1 to atlas, and 192.168.0.2 to jenner.

    atlas: Using port 6789, will be 192.168.0.1
    jenner: Using port 6790, will be 192.168.0.2

2) Open the firewall.  I edited the file /etc/sysconfig/iptables to allow
incoming UDP packets on jenner and atlas, but only from and to the appropriate
ports.

On atlas:
    -A INPUT -p udp -m udp -s jenner -d atlas --sport 6790 --dport 6789 -j ACCEPT

On jenner:
    -A INPUT -p udp -m udp -s atlas -d jenner --sport 6789 --dport 6790 -j ACCEPT

After I edited the iptables file, I restarted iptables.
# service iptables restart

3) Configure the tunnelling. This will require a file at
/etc/sysconfig/network-scripts/ifcfg-cipcb0 on both machines. The files read
as follows.

On atlas:
    DEVICE=cipcb0
    ONBOOT=yes
    USERCTL=yes
    MYPORT=6789
    PEER=jenner:6790
    PTPADDR=192.168.0.2
    IPADDR=192.168.0.1

On jenner:
    DEVICE=cipcb0
    ONBOOT=yes
    USERCTL=yes
    MYPORT=6790
    PEER=atlas:6789
    PTPADDR=192.168.0.1
    IPADDR=192.168.0.2

4) Finally, I created a key in /etc/cipe/options.cipcb0 on both machines. It
reads:

    key [md5sum]

where md5sum is the result of running:

    $ ps -aux | md5sum

(note that I only included the 128 digit hexadecimal number - not the '-'
part.)

The options.cipcb0 must be set to be read only by the root user:

# chmod 600 /etc/cipe/options.cipcb0

This file must match on both computers.

5) I could restart the network service on both machines to get it running. But
I can also try starting and stopping the individual interface. To do that, I
run:

# /etc/sysconfig/network-scripts/ifup-cipcb ifcfg-cipcb0

to start it and 

# /etc/sysconfig/network-scripts/ifdown-cipcb ifcfg-cipcb0

to stop it.

6) Test the connection by pinging the opposite host.

$ ping 192.168.0.1
$ ping 192.168.0.2

Congratulations! You have succeeded. If not, check the following:

 - The /etc/cipe/option.cipcb0 files match on both machines.
 - The firewall allows connections to the ports. Check both iptables and
   whatever else is connecting your computers. Remember that you have to
   restart iptables to get the changes you made. The same may hold true for
   whatever routers you have between your computers.
 - Watch the /var/log/messages file as you start and stop the service for odd
   messages about cipe. Try to figure out what they mean.

7) Now you may route traffic through the interface.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ifdown-cipcb.patch
Type: text/x-diff
Size: 241 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20031004/8af9be9c/attachment.bin>