Chapter 6. Virtual Private Networks
# Surprise, this file allows comments (but only on a line by themselves)
# This is probably the minimal set of options that has to be set
# Without a "device" line, the device is picked dynamically
# the peer's IP address
ptpaddr 6.5.4.3
# our CIPE device's IP address
ipaddr 6.7.8.9
# my UDP address. Note: if you set port 0 here, the system will pick
# one and tell it to you via the ip up script. Same holds for IP 0.0.0.0.
me bigred.inka.de:6789
# ...and the UDP address we connect to. Of course no wildcards here.
peer blackforest.inka.de:6543
# The static key. Keep this file secret!
# The key is 128 bits in hexadecimal notation.
key xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The ptpaddr is the remote LAN's CIPE address. The ipaddr is the workstation's CIPE IP address.
The me address is the client's publicly routable IP address that sends the UDP packets over the
Internet, while peer is the publicly routable IP address of the CIPE server. Note that the client
workstation's IP address is 0.0.0.0 because it uses a dynamic connection. The CIPE client will
handle the connection to the host CIPE server. The key field (represented by x's; your key should
be secret) is the shared static key. This key must be the same for both peers or the connection
will not be possible. See Section 6.2.6 for information on how to generate a shared static key for
your CIPE machines.
Here is the edited /etc/cipe/options.cipcb0 that the client workstation will use:
ptpaddr 10.0.1.2
ipaddr 10.0.1.1
me 0.0.0.0
peer LAN.EXAMPLE.COM:6969
key 123456ourlittlesecret7890shhhh
Here is the /etc/cipe/options.cipcb0 file for the CIPE server:
ptpaddr 10.0.1.1
ipaddr 10.0.1.2
me LAN.EXAMPLE.COM:6969
peer 0.0.0.0
key 123456ourlittlesecret7890shhhh
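
The two files above have to mirror each other, so a pre-deployment consistency check is useful. The following is an added example, not part of the original guide or of CIPE: the function names parse_options and check_pair are hypothetical, the key is a constructed 32-digit hex value, and the key format check follows the "128 bits in hexadecimal notation" comment in the sample file.

```python
import re

# Constructed sample key (32 hex digits = 128 bits), for illustration only.
KEY = "0123456789abcdef0123456789abcdef"
# Constructed file contents using the addresses from the example above.
CLIENT = f"""# client workstation
ptpaddr 10.0.1.2
ipaddr 10.0.1.1
me 0.0.0.0
peer LAN.EXAMPLE.COM:6969
key {KEY}
"""
SERVER = f"""# CIPE server
ptpaddr 10.0.1.1
ipaddr 10.0.1.2
me LAN.EXAMPLE.COM:6969
peer 0.0.0.0
key {KEY}
"""
REQUIRED = ("ptpaddr", "ipaddr", "me", "peer", "key")

def parse_options(text):
    """Parse 'name value' lines; comments are only allowed on their own line."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def check_pair(client, server):
    """Return a list of inconsistencies between the two peers' options."""
    sides = (("client", client), ("server", server))
    problems = [f"{s}: missing {n}" for s, o in sides for n in REQUIRED if n not in o]
    if problems:
        return problems
    # Each side's ptpaddr must be the other side's ipaddr.
    if (client["ptpaddr"], client["ipaddr"]) != (server["ipaddr"], server["ptpaddr"]):
        problems.append("ptpaddr/ipaddr are not mirrored")
    # The client connects to the UDP endpoint the server listens on.
    if client["peer"].lower() != server["me"].lower():
        problems.append("client peer does not match server me")
    if client["key"] != server["key"]:
        problems.append("keys differ")
    for s, o in sides:
        if not re.fullmatch(r"[0-9a-fA-F]{32}", o["key"]):
            problems.append(f"{s}: key is not 32 hex digits (128 bits)")
    return problems

if __name__ == "__main__":
    print(check_pair(parse_options(CLIENT), parse_options(SERVER)) or "consistent")
```
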
6.2.4. Configuring Clients for CIPE
After successfully configuring the CIPE server and testing for functionality, you can now deploy the
connection on the client machine.
The CIPE client should be able to connect and disconnect the CIPE connection in an automated way.
Therefore, CIPE contains built-in mechanisms to customize settings for individual uses. For example,
a remote employee can connect to the CIPE device on the LAN by typing the following:
/sbin/ifup cipcb0
The device should automatically come up, and any firewall rules and routing information should be
executed along with the connection. The remote employee should be able to terminate the connection
with the following: