Configuring Clients For Cipe - Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual


Chapter 6. Virtual Private Networks

ptpaddr         6.5.4.3
# our CIPE device's IP address
ipaddr          6.7.8.9
# my UDP address. Note: if you set port 0 here, the system will pick
# one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
me              bigred.inka.de:6789
# ...and the UDP address we connect to. Of course no wildcards here.
peer            blackforest.inka.de:6543
# The static key. Keep this file secret!
# The key is 128 bits in hexadecimal notation.
key             xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The ptpaddr is the remote LAN's CIPE address. The ipaddr is the workstation's CIPE IP address. The
me address is the client's publicly routable IP address that sends the UDP packets over the Internet,
while peer is the publicly routable IP address of the CIPE server. Note that the client workstation's IP
address is 0.0.0.0 because it uses a dynamic connection. The CIPE client handles the connection to
the host CIPE server. The key field (represented by x's; the key should be secret) is the shared static
key. This key must be the same for both peers or the connection is not possible. Refer to Section 6.8 CIPE
Key Management for information on how to generate a shared static key for your CIPE machines.

Here is the edited /etc/cipe/options.cipcb0 that the client workstation will use:

ptpaddr         10.0.1.2
ipaddr          10.0.1.1
me              0.0.0.0
peer            LAN.EXAMPLE.COM:6969
key             123456ourlittlesecret7890shhhh

Here is the /etc/cipe/options.cipcb0 file for the CIPE server:

ptpaddr         10.0.1.1
ipaddr          10.0.1.2
me              LAN.EXAMPLE.COM:6969
peer            0.0.0.0
key             123456ourlittlesecret7890shhhh

6.6. Configuring Clients for CIPE

After successfully configuring the CIPE server and testing for functionality, you can now deploy the
connection on the client machine.

The CIPE client should be able to connect and disconnect the CIPE connection in an automated way.
Therefore, CIPE contains built-in mechanisms to customize settings for individual uses. For example,
a remote employee can connect to the CIPE device on the LAN by typing the following:

/sbin/ifup cipcb0

The device should automatically come up; firewall rules and routing information should also be
configured along with the connection. The remote employee should be able to terminate the connection
with the following:

/sbin/ifdown cipcb0

Configuring clients requires the creation of localized scripts that are run after the device has
loaded. The device configuration itself can be configured locally via a user-created file called
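
The client and server /etc/cipe/options.cipcb0 files shown earlier on this page have to mirror each other and share one key, so the following added example (not part of the Red Hat guide or of CIPE) checks a pair of them before deployment. The function names are hypothetical, the "name value" format with # comments is assumed from the sample file, the 32-hex-digit rule is taken from that file's "128 bits in hexadecimal notation" comment, and the key in the sample input is constructed.

```python
import os
import re

REQUIRED = ("ptpaddr", "ipaddr", "me", "peer", "key")

def parse_options(text):
    """Parse 'name value' lines; text after '#' is a comment (as in the sample file)."""
    opts = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if fields:
            opts[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return opts

def check_pair(client, server):
    """Return the problems found between the two peers' parsed options."""
    problems = []
    for side, opts in (("client", client), ("server", server)):
        problems += [f"{side}: missing {n}" for n in REQUIRED if not opts.get(n)]
        # The sample file's comment says the key is 128 bits in hex: 32 digits.
        if not re.fullmatch(r"[0-9a-fA-F]{32}", opts.get("key", "")):
            problems.append(f"{side}: key is not 32 hex digits")
    # Each side's ptpaddr is the other side's ipaddr.
    if client.get("ptpaddr") != server.get("ipaddr"):
        problems.append("client ptpaddr != server ipaddr")
    if client.get("ipaddr") != server.get("ptpaddr"):
        problems.append("client ipaddr != server ptpaddr")
    # The client's peer is the server's own UDP address (me).
    if client.get("peer") != server.get("me"):
        problems.append("client peer != server me")
    if client.get("key") != server.get("key"):
        problems.append("key differs between peers")
    return problems

def readable_by_others(path):
    """True if group or other have any permission bits on the options file."""
    return bool(os.stat(path).st_mode & 0o077)

# Constructed sample input: addresses follow the page's example, the key is made up.
KEY = "0123456789abcdef0123456789abcdef"
CLIENT = f"ptpaddr 10.0.1.2\nipaddr 10.0.1.1\nme 0.0.0.0\npeer LAN.EXAMPLE.COM:6969\nkey {KEY}\n"
SERVER = f"ptpaddr 10.0.1.1\nipaddr 10.0.1.2\nme LAN.EXAMPLE.COM:6969\npeer 0.0.0.0\nkey {KEY}\n"

if __name__ == "__main__":
    print(check_pair(parse_options(CLIENT), parse_options(SERVER)) or "options files agree")
```

Because the options file holds the shared static key, readable_by_others() should return False for it on both machines.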
