Cipe Key Management - Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual

Chapter 6. Virtual Private Networks

| Parameter | Description |
| --- | --- |
| arg | Passes arguments to the /etc/cipe/ip-up initialization script |
| cttl | Sets the Carrier Time To Live (TTL) value; recommended value is 64 |
| debug | Boolean value to enable debugging |
| device | Names the CIPE device |
| ipaddr | Publicly-routable IP address of the CIPE machine |
| ipdown | Choose an alternate ip-down script than the default /etc/cipe/ip-down |
| ipup | Choose an alternate ip-up script than the default /etc/cipe/ip-up |
| key | Specifies a shared static key for CIPE connection |
| maxerr | Number of errors allowable before the CIPE daemon quits |
| me | UDP address of the CIPE machine |
| mtu | Set the device maximum transfer unit |
| nokey | Do not use encryption |
| peer | The peer's CIPE UDP address |
| ping | Set CIPE-specific (non-ICMP) keepalive ping interval |
| socks | IP address and port number of the SOCKS server for proxy connections |
| tokey | Set dynamic key lifetime; default is 10 minutes (600 seconds) |
| tokxc | Timeout value for shared key exchange; default is 10 seconds |
| tokxts | Shared key exchange timestamp timeout value; default is 0 (no timestamps) |
| toping | Timeout value for keepalive pings; default is 0 |

Table 6-1. CIPE Parameters

6.8. CIPE Key Management

As previously mentioned, CIPE incorporates a secure combination of static link keys and encrypted traffic to create a secure tunnel over carrier networks such as the Internet. The use of static link keys provides a common point of reference for two CIPE-enabled networks to pass information securely. Therefore, it is imperative that both CIPE-enabled network gateways share the exact same key, or CIPE communication will not be possible.

Generating CIPE keys requires knowledge of what kind of keys are compatible. Random alphanumeric generators do not work. Static keys must be 128-bit, 32-character strings. These can be created by running the following command, which uses od to create a hexadecimal key using the /dev/random random number device:

od -N 16 /dev/random -t x4 | awk '{print $2 $3 $4 $5}'

Place the output in the /etc/cipe/options.cipcb0 file for all CIPE servers and clients.
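The following is an added example, not part of the Red Hat guide: a shell helper that generates a key of the required 128-bit, 32-hex-character shape and checks that copies of two gateways' options files carry the same well-formed key. It assumes the options file stores the key on a line of the form `key <value>`; the function names and the `gen`/`check` arguments are illustrative.

```sh
#!/bin/sh
# Added example: generate and check CIPE static link keys.
# Assumption: the options file holds the key as a line "key <value>".

# Print 16 random bytes as 32 hex characters. Same idea as the guide's
# od/awk pipeline, but -An drops the offset column so no awk is needed.
# The random device defaults to /dev/random, as in the guide.
gen_key() {
    od -An -N 16 -t x1 "${1:-/dev/random}" | tr -d ' \n'
    echo
}

# Succeed only for exactly 32 hexadecimal characters (128 bits).
valid_key() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Print the value of the first "key" line in an options file.
key_from_options() {
    awk '$1 == "key" { print $2; exit }' "$1"
}

# Compare two options files without ever printing the keys themselves.
# Returns 0 if both keys are well formed and identical, 1 if they differ,
# 2 if either key is missing or malformed.
check_pair() {
    a=$(key_from_options "$1") || return 2
    b=$(key_from_options "$2") || return 2
    valid_key "$a" || { echo "$1: key is not 32 hex characters" >&2; return 2; }
    valid_key "$b" || { echo "$2: key is not 32 hex characters" >&2; return 2; }
    [ "$a" = "$b" ] || { echo "keys differ" >&2; return 1; }
}

# usage: script gen          -> print a new key
#        script check A B    -> compare copies of two options files
case "${1:-}" in
    gen)   gen_key ;;
    check) check_pair "$2" "$3" ;;
esac
```

The comparison is an exact string match, so a key pasted with different letter case on one side is reported as differing.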
