CIPE VPN Under RedHat Linux
===========================

Shanker Balan
http://shankerbalan.com/

Thu Jun 5 16:19:03 IST 2003 - What better time than now to write this up!

Overview
========

Below is a quick summary of the steps required to set up a CIPE-based VPN
between 2 hosts. In this case, one host is on a private network with a fixed
10.x.x.x IP address and the server is on a fixed public segment.

The requirement for a VPN arises from the fact that it was not possible to
connect to the LAN, since the gateway had only a private IP which was being
NAT'ed by the ISP.

Why CIPE? - Both the servers run RedHat Linux > 7.x and already have the CIPE
packages installed by default. Installing any other VPN mechanism like IPSEC
or Microsoft PPTP would involve additional changes to the kernel and tools.
CIPE seemed like a good choice. Previously, we were using PPP tunnels over SSH.

The Setup
=========

HostA - The Server - Public IP: 203.197.X.1
HostB - The Client - Private IP: 10.5.x.1

The VPN Interface
=================

The private segment of 192.168.10.x is being used for the VPN, with the link
originating on HostB (the Client) and the other end on HostA (the Server).

VPN tunnelled over the Internet link:

(X.X.X.X) HostA <---------------------------------------------> HostB (Y.Y.Y.Y)

(X.X.X.X) HostA <---> 192.168.10.100 <---> 192.168.10.101 <---> HostB (Y.Y.Y.Y)

Server Side Setup
=================

###
### HostA: sysconfig/network-scripts/ifcfg-cipcb0
###
DEVICE=cipcb0
TYPE=CIPE
ONBOOT=yes
USERCTL=no
MYPORT=7777
PEER=0.0.0.0
PTPADDR=192.168.10.100
IPADDR=192.168.10.101
ME=X.X.X.X
PEERDNS=no

###
### HostA: etc/cipe/options.cipcb0
###
cttl 64
maxerr -1
key 123456ourlittlesecret7890shhhh
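
The options file above holds the link's shared secret, so its key strength and file mode are worth checking before the interface is brought up. The following is an added example, not part of the original write-up: it audits an options file and writes a replacement with a random key. It assumes, as the CIPE documentation describes, that the key is 128 bits written as 32 hex digits and that the file must not be accessible to group or others; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit and regenerate a CIPE options file.
# The file path is always passed in; nothing under /etc is touched by default.

# check_cipe_options FILE
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if missing.
check_cipe_options() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # The file holds the shared secret: no group/other permission bits allowed.
    # (GNU stat first, BSD stat as fallback.)
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        [0-7]00) ;;
        *) echo "mode $mode: group/other access, expected 600"; rc=1 ;;
    esac

    # Value of the first "key" option in the file.
    key=$(awk '$1 == "key" { print $2; exit }' "$f")
    if [ -z "$key" ]; then
        echo "no key option found"; rc=1
    elif ! printf '%s' "$key" | grep -Eq '^[0-9A-Fa-f]{32}$'; then
        # Assumption: CIPE expects a 128-bit key as 32 hex digits.
        echo "key is not 32 hex digits (128 bits)"; rc=1
    fi
    return $rc
}

# new_cipe_key
# Prints 128 random bits from the kernel RNG as 32 hex digits, no newline.
new_cipe_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_cipe_options FILE
# Writes FILE with the cttl/maxerr values used on this page and a fresh key.
write_cipe_options() {
    ( umask 077   # subshell, so the caller's umask is left unchanged
      printf 'cttl 64\nmaxerr -1\nkey %s\n' "$(new_cipe_key)" > "$1"
      chmod 600 "$1" )   # also tightens a file that already existed
}
```

Both ends of the tunnel need the same key, so generate the file once and copy it to the peer over an already trusted channel.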