SETTING UP TRIPE FOR DEBIAN GNU/LINUX

Firstly, you need to set up public key parameters.  To generate
a new set, run

    # cd /etc/tripe
    # key add -adh-param -LS -b2048 -B256 -eforever \
        -tparam tripe-dh-param
    # key extract param param

(Feel free to twiddle these settings.  Read key(1) for details
about the various options.)  You can now copy the file `param'
to the other hosts which will participate in the VPN.  If you
already have a `param' file from this procedure, you should
copy it into /etc/tripe and run

    # key merge param

instead.

Now, generate a public key.  Before you can do this, you'll need
to give this host a name.  Let's say we've chosen `alice' as the
name.  Run

    # key add -adh -pparam -talice -e"now + 1 year" tripe-dh
    # key extract -f-secret alice.pub alice
    # key -kkeyring.pub merge alice.pub

Now copy `alice.pub' to the other hosts, and run the `key merge'
command on each of them.  Also merge the keys from the other
hosts into alice's `keyring.pub' file.

Finally, you need to write a script in /etc/tripe/peers for each
peer you want to communicate with.  The following template works
OK.

    #! /bin/sh

    set -e

    PEER=...            # The peer's name
    PEERADDR=...        # Peer's publicly-routable address
    PEERPORT=4070       # Port peer is listening on
    LOCAL=...           # My address for point-to-point
    REMOTE=...          # His address for point-to-point
    RNET=...            # Remote network address
    RMASK=...           # Netmask of remote network

    # Register the peer, then configure the tunnel interface it was given.
    tripectl add "$PEER" "$PEERADDR" "$PEERPORT"
    ifname=$(tripectl ifname "$PEER")
    ifconfig "$ifname" "$LOCAL" pointopoint "$REMOTE" mtu 1429
    route add -net "$RNET" netmask "$RMASK" gw "$REMOTE"

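The peer template runs as root and passes its variables straight to ifconfig and route, so checking them first avoids a half-configured tunnel. The following is an added example, not part of the original README or of tripe itself: the function names ip_to_int and check_peer are hypothetical, the addresses are constructed sample values, and it assumes LOCAL, REMOTE, RNET and RMASK are dotted-quad IPv4.

```sh
#! /bin/sh
# Added example: sanity checks for the peer template's variables.
# ip_to_int and check_peer are hypothetical names, not part of tripe.

# ip_to_int ADDR: print a dotted-quad IPv4 address as an integer, or fail.
ip_to_int () {
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac    # no leading zeros (octal trap)
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_peer PEERPORT LOCAL REMOTE RNET RMASK: return 0 if the values are sane.
check_peer () {
    port=$1 laddr=$2 raddr=$3 rnet=$4 rmask=$5
    case $port in
        '' | *[!0-9]* | 0*) echo "bad PEERPORT: $port" >&2; return 1 ;;
    esac
    [ ${#port} -le 5 ] && [ "$port" -le 65535 ] ||
        { echo "PEERPORT out of range: $port" >&2; return 1; }
    for a in "$laddr" "$raddr"; do
        ip_to_int "$a" >/dev/null ||
            { echo "bad point-to-point address: $a" >&2; return 1; }
    done
    [ "$laddr" != "$raddr" ] ||
        { echo "LOCAL and REMOTE must differ" >&2; return 1; }
    net=$(ip_to_int "$rnet") && mask=$(ip_to_int "$rmask") ||
        { echo "bad RNET or RMASK" >&2; return 1; }
    # A netmask is a run of 1 bits followed by a run of 0 bits.
    inv=$(( ~mask & 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ] ||
        { echo "RMASK is not contiguous: $rmask" >&2; return 1; }
    # `route add -net' rejects a network address with host bits set.
    [ $(( net & inv )) -eq 0 ] ||
        { echo "RNET has host bits set for $rmask: $rnet" >&2; return 1; }
}

# Constructed sample values, in the order the function expects them.
check_peer 4070 10.9.0.1 10.9.0.2 10.0.1.0 255.255.255.0 &&
    echo "peer configuration looks sane"
```

In a peer script, call check_peer with "$PEERPORT" "$LOCAL" "$REMOTE" "$RNET" "$RMASK" before the tripectl line, so that `set -e' stops the script before anything is changed.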