74eb47db |
1 | .\" -*-nroff-*- |
2 | .\". |
3 | .de hP |
4 | .IP |
5 | \h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c |
6 | .. |
7 | .de VS |
8 | .sp 1 |
9 | .RS |
10 | .nf |
11 | .ft B |
12 | .. |
13 | .de VE |
14 | .ft R |
15 | .fi |
16 | .RE |
17 | .sp 1 |
18 | .. |
19 | .ie t \{\ |
20 | . ds o \(bu |
21 | . ds ss \s8\u |
22 | . ds se \d\s0 |
23 | . if \n(.g \{\ |
24 | . fam P |
25 | . \} |
26 | .\} |
27 | .el \{\ |
28 | . ds o o |
29 | . ds ss ^ |
d6623498 |
30 | . ds se |
74eb47db |
31 | .\} |
32 | .TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" |
33 | .SH "NAME" |
34 | tripe \- a simple VPN daemon |
35 | .SH "SYNOPSIS" |
36 | .B tripe |
37 | .RB [ \-D ] |
74eb47db |
38 | .RB [ \-d |
39 | .IR dir ] |
33ced0d3 |
40 | .RB [ \-p |
41 | .IR port ] |
42 | .RB [ \-U |
43 | .IR user ] |
44 | .RB [ \-G |
45 | .IR group ] |
74eb47db |
46 | .br |
47 | |
48 | .RB [ \-k |
49 | .IR priv-keyring ] |
50 | .RB [ \-K |
51 | .IR pub-keyring ] |
52 | .RB [ \-t |
53 | .IR key-tag ] |
33ced0d3 |
54 | .br |
55 | |
56 | .RB [ \-a |
57 | .IR socket ] |
58 | .RB [ \-T |
59 | .IR trace-opts ] |
74eb47db |
60 | .SH "DESCRIPTION" |
61 | The |
62 | .B tripe |
63 | program is a server which can provide strong IP-level encryption and |
64 | authentication between two co-operating hosts. The program and its |
65 | protocol are deliberately very simple, to make analysing them easy and |
66 | to help build trust rapidly in the system. |
67 | .SS "Overview" |
68 | The |
69 | .B tripe |
70 | server manages a number of secure connections to other `peer' hosts. |
71 | Each daemon is given a private key of its own, and a file of public keys |
72 | for the peers with which it is meant to communicate. It is responsible |
73 | for negotiating sets of symmetric keys with its peers, and for |
74 | encrypting, encapsulating and sending IP packets to its peers, and |
75 | decrypting, checking and de-encapsulating packets it receives from |
76 | them. |
77 | .PP |
78 | When the server starts, it creates a Unix-domain socket on which it |
79 | listens for administration commands. It also logs warnings and |
80 | diagnostic information to the programs connected to its admin socket. |
81 | Clients connected to the socket can add new peers, and remove or find |
82 | out about existing peers. The textual protocol used to give the |
83 | .B tripe |
84 | server admin commands is described in |
85 | .BR tripe\-admin (5). |
86 | A client program |
87 | .BR tripectl (1) |
88 | is provided to allow commands to be sent to the server either |
89 | interactively or by simple scripts. |
90 | .SS "Command-line arguments" |
91 | If not given any command-line arguments, |
92 | .B tripe |
93 | will initialize by following these steps: |
94 | .hP \*o |
95 | It changes directory to |
96 | .BR /var/lib/tripe . |
97 | .hP \*o |
98 | It acquires a UDP socket with an arbitrary kernel-selected port number. |
99 | It will use this socket to send and receive all communications with its |
100 | peer servers. The port chosen may be discovered by means of the |
101 | .B PORT |
102 | admin command (see |
103 | .BR tripe\-admin (5)). |
104 | .hP \*o |
105 | It loads the private key with the tag or type name |
106 | .B tripe\-dh |
107 | from the Catacomb-format file |
108 | .BR keyring , |
109 | and loads the file |
110 | .B keyring.pub |
111 | ready for extracting the public keys of peers as they're introduced. |
112 | (The format of these files is described in |
113 | .BR keyring (5). |
114 | They are maintained using the program |
115 | .BR key (1) |
116 | provided with the Catacomb distribution.) |
117 | .hP \*o |
118 | It creates and listens to the Unix-domain socket |
119 | .BR tripesock . |
120 | .PP |
121 | Following this, the server enters its main loop, accepting admin |
122 | connections and obeying any administrative commands, and communicating |
123 | with peers. It also treats its standard input and standard output |
124 | streams as an admin connection, reading commands from standard input and |
33ced0d3 |
125 | writing responses and diagnostics messages to standard output. Finally, |
126 | it will reload keys from its keyring files if it notices that they've |
127 | changed (it checks inode number and modification time) \- there's no |
128 | need to send a signal. |
74eb47db |
129 | .PP |
130 | Much of this behaviour may be altered by giving |
131 | .B tripe |
132 | suitable command-line options: |
133 | .TP |
134 | .B "\-h, \-\-help" |
135 | Writes a brief description of the command-line options available to |
136 | standard output and exits with status 0. |
137 | .TP |
138 | .B "\-v, \-\-version" |
139 | Writes |
140 | .BR tripe 's |
141 | version number to standard output and exits with status 0. |
142 | .TP |
143 | .B "\-u, \-\-usage" |
144 | Writes a brief usage summary to standard output and exits with status 0. |
145 | .TP |
146 | .B "\-D, \-\-daemon" |
147 | Dissociates from its terminal and starts running in the background after |
148 | completing the initialization procedure described above. If running as |
149 | a daemon, |
150 | .B tripe |
151 | will not read commands from standard input or write diagnostics to |
152 | standard output. A better way to start |
153 | .B tripe |
154 | in the background is with |
155 | .BR tripectl (1). |
156 | .TP |
157 | .BI "\-d, \-\-directory=" dir |
158 | Makes |
159 | .I dir |
160 | the current directory, instead of |
161 | .BR /var/lib/tripe . |
162 | Give a current directory of |
163 | .B . |
164 | if you don't want it to change directory at all. |
165 | .TP |
166 | .BI "\-p, \-\-port=" port |
167 | Use the specified UDP port for all communications with peers, rather |
168 | than an arbitarary kernel-assigned port. |
169 | .TP |
33ced0d3 |
170 | .BI "\-U, \-\-setuid=" user |
171 | Set uid to that of |
172 | .I user |
173 | (either a user name or integer uid) after initialization. Also set gid |
174 | to |
175 | .IR user 's |
176 | primary group, unless overridden by a |
177 | .B \-G |
178 | option. |
179 | .TP |
180 | .BI "\-G, \-\-setgid=" group |
181 | Set gid to that of |
182 | .I group |
183 | (either a group name or integer gid) after initialization. |
184 | .TP |
74eb47db |
185 | .BI "\-k, \-\-priv\-keyring=" file |
186 | Reads the private key from |
187 | .I file |
188 | rather than the default |
189 | .BR keyring . |
190 | .TP |
191 | .BI "\-K, \-\-pub\-keyring=" file |
192 | Reads public keys from |
193 | .I file |
194 | rather than the default |
195 | .BR keyring.pub . |
196 | This can be the same as the private keyring, but that's not recommended. |
197 | .TP |
198 | .BI "\-t, \-\-tag=" tag |
199 | Uses the private key whose tag or type is |
200 | .I tag |
201 | rather than the default |
202 | .BR tripe\-dh . |
203 | .TP |
204 | .BI "\-a, \-\-admin\-socket=" socket |
205 | Accept admin connections to a Unix-domain socket named |
206 | .I socket |
207 | rather than the default |
208 | .BR tripesock . |
209 | .TP |
210 | .BI "\-T, \-\-trace=" trace-opts |
211 | Allows the enabling or disabling of various internal diagnostics. See |
212 | below for the list of options. |
d6623498 |
213 | .SS "Setting up a VPN with tripe" |
214 | The |
215 | .B tripe |
216 | server identifies peers by name. While it's |
217 | .I possible |
218 | for each host to maintain its own naming system for its peers, this is |
219 | likely to lead to confusion, and it's more sensible to organize a naming |
220 | system that works everywhere. How you manage this naming is up to you. |
221 | The only restriction on the format of names is that they must be valid |
222 | Catacomb key tags, since this is how |
223 | .B tripe |
224 | identifies which public key to use for a particular peer: they may not |
225 | contain whitespace characters, or a colon |
226 | .RB ` : ' |
227 | or dot |
228 | .RB ` . ', |
229 | .PP |
230 | Allocating IP addresses for VPNs can get quite complicated. I'll |
231 | attempt to illustrate with a relatively simple example. Our objective |
232 | will be to set up a virtual private network between two sites of |
233 | .BR example.com . |
234 | The two sites are using distinct IP address ranges from the private |
235 | address space described in RFC1918: site A is using addresses from |
236 | 10.0.1.0/24 and site B is using 10.0.2.0/24. Each site has a gateway |
237 | host set up with both an address on the site's private network, and an |
238 | externally-routable address from the public IP address space. Site A's |
239 | gateway machine, |
240 | .BR alice , |
241 | has the addresses 10.0.1.1 and 200.0.1.1; site B's gateway is |
242 | .B bob |
243 | and has addresses 10.0.2.1 and 200.0.2.1. |
244 | .PP |
245 | This isn't quite complicated enough. Each of |
246 | .B alice |
247 | and |
248 | .B bob |
249 | needs an extra IP address which we'll use when setting up the |
250 | point-to-point link. These addresses need to be routable, at least |
251 | within the virtual private network: unfortunately, you can't just use |
252 | the same pair everywhere. We'll assign |
253 | .B alice |
254 | the point-to-point address 192.168.0.1, and |
255 | .B bob |
256 | the address 192.168.0.2. |
257 | .hP 1. |
258 | Install |
259 | .B tripe |
260 | on both of the gateway hosts. Create the directory |
261 | .BR /var/lib/tripe . |
262 | .hP 2. |
263 | On |
264 | .BR alice , |
265 | make |
266 | .B /var/lib/tripe |
267 | the current directory and generate a Diffie-Hellman group: |
268 | .RS |
74eb47db |
269 | .VS |
270 | key add \-adh\-param \-LS \-b2048 \-B256 \e |
271 | \-eforever \-tparam tripe\-dh\-param |
272 | .VE |
d6623498 |
273 | (See |
274 | .BR key (1) |
275 | from the Catacomb distribution for details about the |
276 | .B key |
277 | command.) Also generate a private key for |
278 | .BR alice : |
279 | .VS |
280 | key add \-adh \-pparam \-talice \e |
281 | \-e"now + 1 year" tripe\-dh |
282 | .VE |
283 | Extract the group parameters and |
284 | .BR alice 's |
285 | public key to |
286 | .I separate |
287 | files, and put the public key in |
288 | .BR keyring.pub : |
74eb47db |
289 | .VS |
290 | key extract param param |
37075862 |
291 | key extract \-f\-secret alice.pub alice |
d6623498 |
292 | key \-kkeyring.pub merge alice.pub |
74eb47db |
293 | .VE |
d6623498 |
294 | Send the files |
295 | .B param |
296 | and |
297 | .B alice.pub |
298 | to |
299 | .B bob |
300 | in some secure way (e.g., in PGP-signed email, or by using SSH), so that |
301 | you can be sure they've not been altered in transit. |
302 | .RE |
303 | .hP 3. |
304 | On |
305 | .B bob |
306 | now, make |
307 | .B /var/lib/tripe |
308 | the current directory, and import the key material from |
309 | .BR alice : |
310 | .RS |
74eb47db |
311 | .VS |
312 | key merge param |
d6623498 |
313 | key \-kkeyring.pub merge alice.pub |
74eb47db |
314 | .VE |
d6623498 |
315 | Generate a private key for |
316 | .B bob |
317 | and extract the public half, as before: |
74eb47db |
318 | .VS |
d6623498 |
319 | key add \-adh \-pparam \-tbob \e |
320 | \-e"now + 1 year" tripe\-dh |
383f2a0b |
321 | key extract \-f\-secret bob.pub bob |
d6623498 |
322 | key \-kkeyring.pub merge bob.pub |
74eb47db |
323 | .VE |
d6623498 |
324 | and send |
325 | .B bob.pub |
326 | back to |
327 | .B alice |
328 | using some secure method. |
329 | .RE |
330 | .hP 4 |
331 | On |
332 | .BR alice , |
333 | merge |
334 | .B bob 's |
335 | key into the public keyring. Now, on each host, run |
336 | .RS |
337 | .VS |
338 | key \-kkeyring.pub fingerprint |
339 | .VE |
340 | and check that the hashes match. If the two sites have separate |
341 | administrators, they should read the hashes to each other over the |
342 | telephone (assuming that they can recognize each other's voices). |
343 | .RE |
344 | .hP 5. |
345 | Start the |
346 | .B tripe |
347 | servers up. Run |
348 | .RS |
349 | .VS |
350 | tripectl \-slD \-S\-P23169 |
351 | .VE |
352 | on each of |
353 | .B alice |
354 | and |
355 | .BR bob . |
356 | (The |
357 | .RB ` \-P23169 ' |
358 | forces the server to use UDP port 23169: use some other number if 23169 |
359 | is inappropriate for your requirements. I chose it by reducing the |
360 | RIPEMD160 hash of |
361 | .RB ` tripe\-port\-number\e0 ' |
362 | modulo 2\*(ss16\*(se.) |
363 | .RE |
364 | .hP 6. |
365 | To get |
366 | .B alice |
367 | talking to |
368 | .BR bob , |
369 | run this shell script (or one like it): |
370 | .RS |
371 | .VS |
372 | #! /bin/sh |
74eb47db |
373 | |
d6623498 |
374 | tripectl add bob 200.0.2.1 23169 |
375 | ifname=`tripectl ifname bob` |
376 | ifconfig $ifname \e |
377 | 192.168.0.1 \e |
378 | pointopoint 192.168.0.2 |
379 | route add -net \e |
380 | 10.0.2.0 netmask 255.255.255.0 \e |
381 | gw 192.168.0.2 |
382 | .VE |
383 | Read |
384 | .BR ifconfig (8) |
385 | and |
386 | .BR route (8) |
387 | to find out about your system's variants of these commands. The |
388 | versions shown above assume a Linux system. |
389 | Run a similar script on |
390 | .BR bob , |
391 | to tell its |
392 | .B tripe |
393 | server to talk to |
394 | .BR alice . |
395 | .RE |
396 | .hP 7. |
397 | Congratulations. The two servers will exchange keys and begin sending |
398 | packets almost immediately. You've set up a virtual private network. |
74eb47db |
399 | .SS "About the name" |
400 | The program's name is |
401 | .BR tripe , |
402 | all in lower-case. The name of the protocol it uses is `TrIPE', with |
403 | four capital letters and one lower-case. The name stands for `Trivial |
404 | IP Encryption'. |
405 | .SH "BUGS" |
74eb47db |
406 | The code hasn't been audited. It may contain security bugs. If you |
407 | find one, please inform the author |
408 | .IR immediately . |
409 | .SH "SEE ALSO" |
410 | .BR key (1), |
411 | .BR tripectl (1), |
412 | .BR tripe\-admin (5). |
413 | .PP |
414 | .IR "The Trivial IP Encryption Protocol" , |
415 | .IR "The Wrestlers Protocol" . |
416 | .SH "AUTHOR" |
417 | Mark Wooding, <mdw@nsict.org> |