New README file for cipe
Jonathan Gardner
jgardner at jonathangardner.net
Sun Oct 5 06:00:54 UTC 2003
After spending a couple of hours trying to figure out cipe and how to use it
with Redhat, I think I have put together a fairly comprehensive README. I
intend this to be just a start, and I hope others who know more about cipe
than myself will add notes and correct it where it is wrong.
I personally don't know how to configure the Redhat routes so that I can
direct traffic to networks through the newly configured cipe interface. I
will figure that out pretty soon and I may add a note about it to the README
if people are interested.
There is also a patch for the /etc/sysconfig/network-scripts/ifdown-cipcb
script attached. It addresses the attachment of "ifcfg-" to the CONFIG
variable to match the behavior of
/etc/sysconfig/network-scripts/ifup-cipcb.
--
Jonathan Gardner
jgardner at jonathangardner.net
Live Free, Use Linux!
Configuring cipe with Redhat by Jonathan Gardner
1) Planning. You'll need to determine what IP addresses the two computers
will have on the tunnel once it is up. You'll also need to know which UDP port
you will use on each host.
In my case, I am setting up a tunnel between atlas and jenner. I decide to use
port 6789 on atlas, and 6790 on jenner. I also decide to give the IP address
of 192.168.0.1 to atlas, and 192.168.0.2 to jenner.
atlas: Using port 6789, will be 192.168.0.1
jenner: Using port 6790, will be 192.168.0.2
2) Open the firewall. I edited the file /etc/sysconfig/iptables to allow
incoming UDP packets on jenner and atlas, but only from and to the appropriate
ports.
On atlas:
-A INPUT -p udp -m udp -s jenner -d atlas --sport 6790 --dport 6789 -j ACCEPT
On jenner:
-A INPUT -p udp -m udp -s atlas -d jenner --sport 6789 --dport 6790 -j ACCEPT
After I edited the iptables file, I restarted iptables.
# service iptables restart
3) Configure the tunnelling. This will require a file at
/etc/sysconfig/network-scripts/ifcfg-cipcb0 on both machines. The files read
as follows.
On atlas:
DEVICE=cipcb0
ONBOOT=yes
USERCTL=yes
MYPORT=6789
PEER=jenner:6790
PTPADDR=192.168.0.2
IPADDR=192.168.0.1
On jenner:
DEVICE=cipcb0
ONBOOT=yes
USERCTL=yes
MYPORT=6790
PEER=atlas:6789
PTPADDR=192.168.0.1
IPADDR=192.168.0.2
4) Finally, I created a key in /etc/cipe/options.cipcb0 on both machines. It
reads:
key [md5sum]
where md5sum is the result of running:
$ ps -aux | md5sum
(note that I only included the 128-digit hexadecimal number, not the '-'
part.)
The options.cipcb0 file must be readable only by the root user:
# chmod 600 /etc/cipe/options.cipcb0
This file must match on both computers.
5) I could restart the network service on both machines to get it running. But
I can also try starting and stopping the individual interface. To do that, I
run:
# /etc/sysconfig/network-scripts/ifup-cipcb ifcfg-cipcb0
to start it and
# /etc/sysconfig/network-scripts/ifdown-cipcb ifcfg-cipcb0
to stop it.
6) Test the connection by pinging the opposite host.
$ ping 192.168.0.1
$ ping 192.168.0.2
Congratulations! You have succeeded. If not, check the following:
- The /etc/cipe/options.cipcb0 files match on both machines.
- The firewall allows traffic on the ports. Check both iptables and
whatever else is connecting your computers. Remember that you have to
restart iptables to apply the changes you made. The same may hold true for
whatever routers you have between your computers.
- Watch the /var/log/messages file as you start and stop the service for odd
messages about cipe. Try to figure out what they mean.
7) Now you may route traffic through the interface.
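An added example, not part of the original README or of cipe itself: a POSIX shell checker for the configuration that steps 3 and 4 leave behind. It reads two ifcfg-cipcb0 files and confirms that each side's MYPORT is the other's PEER port and each side's PTPADDR is the other's IPADDR, and it checks that the options file is mode 600 with a hex key line. The sample files it builds under a temporary directory are constructed to mirror the atlas/jenner settings above.

```shell
#!/bin/sh
# Added example (not from the README): cross-check a cipe peer pair before
# running ifup-cipcb. The sample configs below are constructed for the demo.

cfg_get() {                       # cfg_get FILE KEY -> value of the KEY=value line
    sed -n "s/^$2=//p" "$1" | head -n 1
}

check_cipe_pair() {               # check_cipe_pair IFCFG_A IFCFG_B -> 0 if consistent
    a="$1" b="$2" status=0
    a_my=$(cfg_get "$a" MYPORT); b_my=$(cfg_get "$b" MYPORT)
    a_peer=$(cfg_get "$a" PEER | cut -d: -f2)   # port half of host:port
    b_peer=$(cfg_get "$b" PEER | cut -d: -f2)
    a_ip=$(cfg_get "$a" IPADDR); b_ip=$(cfg_get "$b" IPADDR)
    a_ptp=$(cfg_get "$a" PTPADDR); b_ptp=$(cfg_get "$b" PTPADDR)
    [ "$a_peer" = "$b_my" ] || { echo "$a: PEER port $a_peer != MYPORT $b_my in $b"; status=1; }
    [ "$b_peer" = "$a_my" ] || { echo "$b: PEER port $b_peer != MYPORT $a_my in $a"; status=1; }
    [ "$a_ptp" = "$b_ip" ] || { echo "$a: PTPADDR $a_ptp != IPADDR $b_ip in $b"; status=1; }
    [ "$b_ptp" = "$a_ip" ] || { echo "$b: PTPADDR $b_ptp != IPADDR $a_ip in $a"; status=1; }
    return $status
}

check_cipe_options() {            # check_cipe_options OPTIONS_FILE -> 0 if sane
    f="$1" status=0
    [ "$(stat -c %a "$f")" = "600" ] || { echo "$f: mode must be 600"; status=1; }
    grep -Eq '^key [0-9a-fA-F]+$' "$f" || { echo "$f: no 'key <hex>' line"; status=1; }
    return $status
}

# Constructed sample files mirroring the atlas/jenner configs from the README.
DEMO_DIR=$(mktemp -d)
printf 'DEVICE=cipcb0\nMYPORT=6789\nPEER=jenner:6790\nPTPADDR=192.168.0.2\nIPADDR=192.168.0.1\n' > "$DEMO_DIR/atlas"
printf 'DEVICE=cipcb0\nMYPORT=6790\nPEER=atlas:6789\nPTPADDR=192.168.0.1\nIPADDR=192.168.0.2\n' > "$DEMO_DIR/jenner"
# A jenner config with the peer port mistyped, to show a failing check.
printf 'DEVICE=cipcb0\nMYPORT=6790\nPEER=atlas:6798\nPTPADDR=192.168.0.1\nIPADDR=192.168.0.2\n' > "$DEMO_DIR/jenner-bad"
printf 'key 0123456789abcdef0123456789abcdef\n' > "$DEMO_DIR/options.cipcb0"   # constructed key
chmod 600 "$DEMO_DIR/options.cipcb0"
printf 'key 0123456789abcdef0123456789abcdef\n' > "$DEMO_DIR/options-loose"
chmod 644 "$DEMO_DIR/options-loose"                                          # wrong mode on purpose

check_cipe_pair "$DEMO_DIR/atlas" "$DEMO_DIR/jenner" && echo "atlas/jenner: consistent"
check_cipe_pair "$DEMO_DIR/atlas" "$DEMO_DIR/jenner-bad" || echo "atlas/jenner-bad: mismatch found"
check_cipe_options "$DEMO_DIR/options.cipcb0" && echo "options.cipcb0: ok"
check_cipe_options "$DEMO_DIR/options-loose" || echo "options-loose: rejected"
```

On a real pair of hosts, run check_cipe_pair against a copy of the peer's ifcfg-cipcb0 and check_cipe_options against /etc/cipe/options.cipcb0 before the first ifup-cipcb.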
Attachment (non-text, scrubbed by the archive):
Name: ifdown-cipcb.patch
Type: text/x-diff
Size: 241 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20031004/8af9be9c/attachment.bin>