.\" -*-nroff-*-
.\".
.de hP
.IP
\h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
..
.de VS
.sp 1
.RS
.nf
.ft B
..
.de VE
.ft R
.fi
.RE
.sp 1
..
.ie t \{\
. ds o \(bu
. ds ss \s8\u
. ds se \d\s0
. if \n(.g \{\
. fam P
. \}
.\}
.el \{\
. ds o o
. ds ss ^
. ds se _
.\}
.TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.SH "NAME"
tripe \- a simple VPN daemon
.SH "SYNOPSIS"
.B tripe
.RB [ \-D ]
.RB [ \-p
.IR port ]
.RB [ \-T
.IR trace-opts ]
.RB [ \-d
.IR dir ]
.RB [ \-a
.IR socket ]
.br

.RB [ \-k
.IR priv-keyring ]
.RB [ \-K
.IR pub-keyring ]
.RB [ \-t
.IR key-tag ]
.SH "DESCRIPTION"
The
.B tripe
program is a server which can provide strong IP-level encryption and
authentication between two co-operating hosts. The program and its
protocol are deliberately very simple, to make analysing them easy and
to help build trust rapidly in the system.
.SS "Overview"
The
.B tripe
server manages a number of secure connections to other `peer' hosts.
Each daemon is given a private key of its own, and a file of public keys
for the peers with which it is meant to communicate. It is responsible
for negotiating sets of symmetric keys with its peers, and for
encrypting, encapsulating and sending IP packets to its peers, and
decrypting, checking and de-encapsulating packets it receives from
them.
.PP
When the server starts, it creates a Unix-domain socket on which it
listens for administration commands. It also logs warnings and
diagnostic information to the programs connected to its admin socket.
Clients connected to the socket can add new peers, and remove or find
out about existing peers. The textual protocol used to give the
.B tripe
server admin commands is described in
.BR tripe\-admin (5).
A client program
.BR tripectl (1)
is provided to allow commands to be sent to the server either
interactively or by simple scripts.
.SS "Command-line arguments"
If not given any command-line arguments,
.B tripe
will initialize by following these steps:
.hP \*o
It changes directory to
.BR /var/lib/tripe .
.hP \*o
It acquires a UDP socket with an arbitrary kernel-selected port number.
It will use this socket to send and receive all communications with its
peer servers. The port chosen may be discovered by means of the
.B PORT
admin command (see
.BR tripe\-admin (5)).
.hP \*o
It loads the private key with the tag or type name
.B tripe\-dh
from the Catacomb-format file
.BR keyring ,
and loads the file
.B keyring.pub
ready for extracting the public keys of peers as they're introduced.
(The format of these files is described in
.BR keyring (5).
They are maintained using the program
.BR key (1)
provided with the Catacomb distribution.)
.hP \*o
It creates and listens to the Unix-domain socket
.BR tripesock .
.PP
Following this, the server enters its main loop, accepting admin
connections and obeying any administrative commands, and communicating
with peers. It also treats its standard input and standard output
streams as an admin connection, reading commands from standard input and
writing responses and diagnostic messages to standard output.
.PP
Much of this behaviour may be altered by giving
.B tripe
suitable command-line options:
.TP
.B "\-h, \-\-help"
Writes a brief description of the command-line options available to
standard output and exits with status 0.
.TP
.B "\-v, \-\-version"
Writes
.BR tripe 's
version number to standard output and exits with status 0.
.TP
.B "\-u, \-\-usage"
Writes a brief usage summary to standard output and exits with status 0.
.TP
.B "\-D, \-\-daemon"
Dissociates from its terminal and starts running in the background after
completing the initialization procedure described above. If running as
a daemon,
.B tripe
will not read commands from standard input or write diagnostics to
standard output. A better way to start
.B tripe
in the background is with
.BR tripectl (1).
.TP
.BI "\-d, \-\-directory=" dir
Makes
.I dir
the current directory, instead of
.BR /var/lib/tripe .
Give a current directory of
.B .
if you don't want it to change directory at all.
.TP
.BI "\-p, \-\-port=" port
Use the specified UDP port for all communications with peers, rather
than an arbitrary kernel-assigned port.
.TP
.BI "\-k, \-\-priv\-keyring=" file
Reads the private key from
.I file
rather than the default
.BR keyring .
.TP
.BI "\-K, \-\-pub\-keyring=" file
Reads public keys from
.I file
rather than the default
.BR keyring.pub .
This can be the same as the private keyring, but that's not recommended.
.TP
.BI "\-t, \-\-tag=" tag
Uses the private key whose tag or type is
.I tag
rather than the default
.BR tripe\-dh .
.TP
.BI "\-a, \-\-admin\-socket=" socket
Accept admin connections to a Unix-domain socket named
.I socket
rather than the default
.BR tripesock .
.TP
.BI "\-T, \-\-trace=" trace-opts
Allows the enabling or disabling of various internal diagnostics. See
below for the list of options.
.SS "Key management"
The TrIPE protocol requires all cooperating hosts to be using keys
with the same group parameters. A suitable group may be created with the
command:
.VS
key add \-adh\-param \-LS \-b2048 \-B256 \e
\-eforever \-tparam tripe\-dh\-param
.VE
This creates a `parameters' key labelled
.B param
in your keyring file: it doesn't contain any secrets. You may vary the
security parameters
.B \-b
and
.B \-B
to taste: the ones given provide good security, at the expense of
performance. Even so, from a cryptographic point of view, these keys
will be the weak point in the security of the system. Generation of the
group parameters can take a few minutes.
.PP
You should extract the parameters from your keyring and distribute them
(securely) to the other administrators. The parameters may be extracted
from your keyring with the command:
.VS
key extract param param
.VE
This may be merged into a keyring with:
.VS
key merge param
.VE
Once your keyring contains the parameters, a suitable key can be created
with the command:
.VS
key add \-adh \-pparam \-e"now + 1 year" tripe\-dh
.VE
This creates a Diffie-Hellman key using the parameters from key
.B param
which expires in one year. The new key has type
.BR tripe\-dh .
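.PP
The parameters above define a prime-order subgroup for Diffie-Hellman,
and the page notes that they are the cryptographic weak point and must
be distributed securely. The Python below is an added illustration, not
code from tripe or Catacomb: it assumes that
.B \-b
is the bit size of the modulus p and
.B \-B
the bit size of the prime q that is the order of the subgroup generated
by g, builds a toy-sized group of that shape, runs the checks an
administrator can apply to a parameter set received from a peer before
merging it, and completes one exchange with a small-subgroup check on the
peer's public value. The names and sizes are constructed for the example.

```python
"""Added illustration (not tripe or Catacomb code) of the group parameters
behind `key add -adh-param -b2048 -B256`.

Assumption: -b is the bit size of the prime modulus p and -B the bit size
of the prime q, the order of the subgroup generated by g (Schnorr-style
group).  Toy sizes are used so the example runs instantly; as the man
page says, the real 2048/256-bit parameters take minutes to generate."""
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test with random bases; adequate for a demonstration."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(pbits, qbits):
    """Return (p, q, g): q prime of qbits, p = k*q + 1 prime of pbits,
    g of order exactly q.  Stands in for `-b pbits -B qbits` (assumed)."""
    kbits = pbits - qbits
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if not is_probable_prime(q):
            continue
        for _ in range(2000):
            # k even so that p = k*q + 1 is odd; top bit set for size
            k = (secrets.randbits(kbits) | (1 << (kbits - 1))) & ~1
            p = k * q + 1
            if p.bit_length() != pbits or not is_probable_prime(p):
                continue
            while True:
                h = secrets.randbelow(p - 3) + 2   # 2 <= h <= p-2
                g = pow(h, k, p)                   # order of g divides q
                if g != 1:                         # so its order is q
                    return p, q, g


def check_params(p, q, g, pbits, qbits):
    """Checks to run on parameters received from another administrator
    before merging them.  Returns a list of problems; [] means OK."""
    problems = []
    if p.bit_length() < pbits:
        problems.append("p too small")
    if q.bit_length() < qbits:
        problems.append("q too small")
    if not is_probable_prime(p):
        problems.append("p not prime")
    if not is_probable_prime(q):
        problems.append("q not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not 1 < g < p - 1:
        problems.append("g out of range")
    elif pow(g, q, p) != 1:
        problems.append("g does not have order q")
    return problems


def dh_keypair(p, q, g):
    """Private exponent in [1, q-1] and public value g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def dh_shared(p, q, their_pub, my_priv):
    """Refuse public values outside the order-q subgroup before use; this
    small-subgroup check is what keeps a malformed peer value from
    revealing information about my_priv."""
    if not 1 < their_pub < p - 1 or pow(their_pub, q, p) != 1:
        raise ValueError("peer public value not in the prime-order subgroup")
    return pow(their_pub, my_priv, p)


def demo(pbits=64, qbits=32):
    """Generate a toy group, validate it, and complete one exchange."""
    p, q, g = make_group(pbits, qbits)
    if check_params(p, q, g, pbits, qbits):
        return False
    a, pub_a = dh_keypair(p, q, g)
    b, pub_b = dh_keypair(p, q, g)
    return dh_shared(p, q, pub_b, a) == dh_shared(p, q, pub_a, b)


if __name__ == "__main__":
    print("toy exchange agreed:", demo())
```

The validation in check_params is the part worth keeping in mind when
merging a parameter key from another administrator: primality of p and q,
q dividing p-1, and g having order q are exactly what make the group
safe to share, and none of them is visible from the key file's label.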

.SS "About the name"
The program's name is
.BR tripe ,
all in lower-case. The name of the protocol it uses is `TrIPE', with
four capital letters and one lower-case. The name stands for `Trivial
IP Encryption'.
.SH "BUGS"
It's too easy to deny service during key exchange. If both ends are
honest, they'll notice any interference and resend their packets, but
it's possible to delay successful negotiation for as long as desired by
sending bogus key exchange messages.
.PP
The code hasn't been audited. It may contain security bugs. If you
find one, please inform the author
.IR immediately .
.SH "SEE ALSO"
.BR key (1),
.BR tripectl (1),
.BR tripe\-admin (5).
.PP
.IR "The Trivial IP Encryption Protocol" ,
.IR "The Wrestlers Protocol" .
.SH "AUTHOR"
Mark Wooding, <mdw@nsict.org>