[tripe] / doc / tripe.8

.\" -*-nroff-*-
.\".
.de hP
.IP
\h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
..
.de VS
.sp 1
.RS
.nf
.ft B
..
.de VE
.ft R
.fi
.RE
.sp 1
..
.ie t \{\
.  ds o \(bu
.  ds ss \s8\u
.  ds se \d\s0
.  if \n(.g \{\
.    fam P
.  \}
.\}
.el \{\
.  ds o o
.  ds ss ^
.  ds se _
.\}
.TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.SH "NAME"
tripe \- a simple VPN daemon
.SH "SYNOPSIS"
.B tripe
.RB [ \-D ]
.RB [ \-p
.IR port ]
.RB [ \-T
.IR trace-opts ]
.RB [ \-d
.IR dir ]
.RB [ \-a
.IR socket ]
.br
	
.RB [ \-k
.IR priv-keyring ]
.RB [ \-K
.IR pub-keyring ]
.RB [ \-t
.IR key-tag ]
.SH "DESCRIPTION"
The
.B tripe
program is a server which can provide strong IP-level encryption and
authentication between two co-operating hosts.  The program and its
protocol are deliberately very simple, to make analysing them easy and
to help build trust rapidly in the system.
.SS "Overview"
The
.B tripe
server manages a number of secure connections to other `peer' hosts.
Each daemon is given a private key of its own, and a file of public keys
for the peers with which it is meant to communicate.  It is responsible
for negotiating sets of symmetric keys with its peers, and for
encrypting, encapsulating and sending IP packets to its peers, and
decrypting, checking and de-encapsulating packets it receives from
them.
.PP
When the server starts, it creates a Unix-domain socket on which it
listens for administration commands.  It also logs warnings and
diagnostic information to the programs connected to its admin socket.
Clients connected to the socket can add new peers, and remove or find
out about existing peers.  The textual protocol used to give the
.B tripe
server admin commands is described in
.BR tripe\-admin (5).
A client program
.BR tripectl (1)
is provided to allow commands to be sent to the server either
interactively or by simple scripts.
.SS "Command-line arguments"
If not given any command-line arguments,
.B tripe
will initialize by following these steps:
.hP \*o
It changes directory to
.BR /var/lib/tripe .
.hP \*o
It acquires a UDP socket with an arbitrary kernel-selected port number.
It will use this socket to send and receive all communications with its
peer servers.  The port chosen may be discovered by means of the
.B PORT
admin command (see
.BR tripe\-admin (5)).
.hP \*o
It loads the private key with the tag or type name
.B tripe\-dh
from the Catacomb-format file
.BR keyring ,
and loads the file
.B keyring.pub
ready for extracting the public keys of peers as they're introduced.
(The format of these files is described in
.BR keyring (5).
They are maintained using the program
.BR key (1)
provided with the Catacomb distribution.)
.hP \*o
It creates and listens to the Unix-domain socket
.BR tripesock .
.PP
Following this, the server enters its main loop, accepting admin
connections and obeying any administrative commands, and communicating
with peers.  It also treats its standard input and standard output
streams as an admin connection, reading commands from standard input and
writing responses and diagnostics messages to standard output.
.PP
Much of this behaviour may be altered by giving
.B tripe
suitable command-line options:
.TP
.B "\-h, \-\-help"
Writes a brief description of the command-line options available to
standard output and exits with status 0.
.TP
.B "\-v, \-\-version"
Writes
.BR tripe 's
version number to standard output and exits with status 0.
.TP
.B "\-u, \-\-usage"
Writes a brief usage summary to standard output and exits with status 0.
.TP
.B "\-D, \-\-daemon"
Dissociates from its terminal and starts running in the background after
completing the initialization procedure described above.  If running as
a daemon,
.B tripe
will not read commands from standard input or write diagnostics to
standard output.  A better way to start
.B tripe
in the background is with
.BR tripectl (1).
.TP
.BI "\-d, \-\-directory=" dir
Makes
.I dir
the current directory, instead of
.BR /var/lib/tripe .
Give a current directory of
.B .
if you don't want it to change directory at all.
.TP
.BI "\-p, \-\-port=" port
Use the specified UDP port for all communications with peers, rather
than an arbitarary kernel-assigned port.
.TP
.BI "\-k, \-\-priv\-keyring=" file
Reads the private key from
.I file
rather than the default
.BR keyring .
.TP
.BI "\-K, \-\-pub\-keyring=" file
Reads public keys from
.I file
rather than the default
.BR keyring.pub .
This can be the same as the private keyring, but that's not recommended.
.TP
.BI "\-t, \-\-tag=" tag
Uses the private key whose tag or type is
.I tag
rather than the default
.BR tripe\-dh .
.TP
.BI "\-a, \-\-admin\-socket=" socket
Accept admin connections to a Unix-domain socket named
.I socket
rather than the default
.BR tripesock .
.TP
.BI "\-T, \-\-trace=" trace-opts
Allows the enabling or disabling of various internal diagnostics.  See
below for the list of options.
.SS "Key management"
The TrIPE protocol requires all cooperating hosts to be using keys
with the same group parameters.  A suitable group may be created with the
command:
.VS
key add \-adh\-param \-LS \-b2048 \-B256 \e
	\-eforever \-tparam tripe\-dh\-param
.VE
This creates a `parameters' key labelled
.B param
in your keyring file: it doesn't contain any secrets.  You may vary the
security parameters
.B \-b
and
.B \-B
to taste: the ones given provide good security, at the expense of
performance.  Even so, from a cryptographic point of view, these keys
will be the weak point in the security of the system.  Generation of the
group parameters can take a few minutes.
.PP
You should extract the parameters from your keyring and distribute them
(securely) to the other administrators.  The parameters may be extracted
from your keyring with the command:
.VS
key extract param param
.VE
This may be merged into a keyring with:
.VS
key merge param
.VE
Once your keyring contains the parameters, a suitable key can be created
with the command:
.VS
key add \-adh \-pparam \-e"now + 1 year" tripe\-dh
.VE
This creates a Diffie-Hellman key using the parameters from key
.B param
which expires in one year.  The new key has type
.BR tripe\-dh .

.SS "About the name"
The program's name is
.BR tripe ,
all in lower-case.  The name of the protocol it uses is `TrIPE', with
four capital letters and one lower-case.  The name stands for `Trivial
IP Encryption'.
.SH "BUGS"
It's too easy to deny service during key exchange.  If both ends are
honest, they'll notice any interference and resend their packets, but
it's possible to delay successful negotation for as long as desired by
sending bogus key exchange messages.
.PP
The code hasn't been audited.  It may contain security bugs.  If you
find one, please inform the author
.IR immediately .
.SH "SEE ALSO"
.BR key (1),
.BR tripectl (1),
.BR tripe\-admin (5).
.PP
.IR "The Trivial IP Encryption Protocol" ,
.IR "The Wrestlers Protocol" .
.SH "AUTHOR"
Mark Wooding, <mdw@nsict.org>
Commit	Line	Data
74eb47db	1	.\" --nroff--
	2	.\".
	3	.de hP
	4	.IP
	5	\h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
	6	..
	7	.de VS
	8	.sp 1
	9	.RS
	10	.nf
	11	.ft B
	12	..
	13	.de VE
	14	.ft R
	15	.fi
	16	.RE
	17	.sp 1
	18	..
	19	.ie t \{\
	20	. ds o \(bu
	21	. ds ss \s8\u
	22	. ds se \d\s0
	23	. if \n(.g \{\
	24	. fam P
	25	. \}
	26	.\}
	27	.el \{\
	28	. ds o o
	29	. ds ss ^
	30	. ds se _
	31	.\}
	32	.TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
	33	.SH "NAME"
	34	tripe \- a simple VPN daemon
	35	.SH "SYNOPSIS"
	36	.B tripe
	37	.RB [ \-D ]
	38	.RB [ \-p
	39	.IR port ]
	40	.RB [ \-T
	41	.IR trace-opts ]
	42	.RB [ \-d
	43	.IR dir ]
	44	.RB [ \-a
	45	.IR socket ]
	46	.br
	47
	48	.RB [ \-k
	49	.IR priv-keyring ]
	50	.RB [ \-K
	51	.IR pub-keyring ]
	52	.RB [ \-t
	53	.IR key-tag ]
	54	.SH "DESCRIPTION"
	55	The
	56	.B tripe
	57	program is a server which can provide strong IP-level encryption and
	58	authentication between two co-operating hosts. The program and its
	59	protocol are deliberately very simple, to make analysing them easy and
	60	to help build trust rapidly in the system.
	61	.SS "Overview"
	62	The
	63	.B tripe
	64	server manages a number of secure connections to other `peer' hosts.
65	Each daemon is given a private key of its own, and a file of public keys
66	for the peers with which it is meant to communicate. It is responsible
67	for negotiating sets of symmetric keys with its peers, and for
68	encrypting, encapsulating and sending IP packets to its peers, and
69	decrypting, checking and de-encapsulating packets it receives from
70	them.
71	.PP
72	When the server starts, it creates a Unix-domain socket on which it
73	listens for administration commands. It also logs warnings and
74	diagnostic information to the programs connected to its admin socket.
75	Clients connected to the socket can add new peers, and remove or find
76	out about existing peers. The textual protocol used to give the
77	.B tripe
78	server admin commands is described in
79	.BR tripe\-admin (5).
80	A client program
81	.BR tripectl (1)
82	is provided to allow commands to be sent to the server either
83	interactively or by simple scripts.
84	.SS "Command-line arguments"
85	If not given any command-line arguments,
86	.B tripe
87	will initialize by following these steps:
88	.hP \*o
89	It changes directory to
90	.BR /var/lib/tripe .
91	.hP \*o
92	It acquires a UDP socket with an arbitrary kernel-selected port number.
93	It will use this socket to send and receive all communications with its
94	peer servers. The port chosen may be discovered by means of the
95	.B PORT
96	admin command (see
97	.BR tripe\-admin (5)).
98	.hP \*o
99	It loads the private key with the tag or type name
100	.B tripe\-dh
101	from the Catacomb-format file
102	.BR keyring ,
103	and loads the file
104	.B keyring.pub
105	ready for extracting the public keys of peers as they're introduced.
106	(The format of these files is described in
107	.BR keyring (5).
108	They are maintained using the program
109	.BR key (1)
110	provided with the Catacomb distribution.)
111	.hP \*o
112	It creates and listens to the Unix-domain socket
113	.BR tripesock .
114	.PP
115	Following this, the server enters its main loop, accepting admin
116	connections and obeying any administrative commands, and communicating
117	with peers. It also treats its standard input and standard output
118	streams as an admin connection, reading commands from standard input and
119	writing responses and diagnostics messages to standard output.
120	.PP
121	Much of this behaviour may be altered by giving
122	.B tripe
123	suitable command-line options:
124	.TP
125	.B "\-h, \-\-help"
126	Writes a brief description of the command-line options available to
127	standard output and exits with status 0.
128	.TP
129	.B "\-v, \-\-version"
130	Writes
131	.BR tripe 's
132	version number to standard output and exits with status 0.
133	.TP
134	.B "\-u, \-\-usage"
135	Writes a brief usage summary to standard output and exits with status 0.
136	.TP
137	.B "\-D, \-\-daemon"
138	Dissociates from its terminal and starts running in the background after
139	completing the initialization procedure described above. If running as
140	a daemon,
141	.B tripe
142	will not read commands from standard input or write diagnostics to
143	standard output. A better way to start
144	.B tripe
145	in the background is with
146	.BR tripectl (1).
147	.TP
148	.BI "\-d, \-\-directory=" dir
149	Makes
150	.I dir
151	the current directory, instead of
152	.BR /var/lib/tripe .
153	Give a current directory of
154	.B .
155	if you don't want it to change directory at all.
156	.TP
157	.BI "\-p, \-\-port=" port
158	Use the specified UDP port for all communications with peers, rather
159	than an arbitarary kernel-assigned port.
160	.TP
161	.BI "\-k, \-\-priv\-keyring=" file
162	Reads the private key from
163	.I file
164	rather than the default
165	.BR keyring .
166	.TP
167	.BI "\-K, \-\-pub\-keyring=" file
168	Reads public keys from
169	.I file
170	rather than the default
171	.BR keyring.pub .
172	This can be the same as the private keyring, but that's not recommended.
173	.TP
174	.BI "\-t, \-\-tag=" tag
175	Uses the private key whose tag or type is
176	.I tag
177	rather than the default
178	.BR tripe\-dh .
179	.TP
180	.BI "\-a, \-\-admin\-socket=" socket
181	Accept admin connections to a Unix-domain socket named
182	.I socket
183	rather than the default
184	.BR tripesock .
185	.TP
186	.BI "\-T, \-\-trace=" trace-opts
187	Allows the enabling or disabling of various internal diagnostics. See
188	below for the list of options.
189	.SS "Key management"
190	The TrIPE protocol requires all cooperating hosts to be using keys
191	with the same group parameters. A suitable group may be created with the
192	command:
193	.VS
194	key add \-adh\-param \-LS \-b2048 \-B256 \e
195	\-eforever \-tparam tripe\-dh\-param
196	.VE
197	This creates a `parameters' key labelled
198	.B param
199	in your keyring file: it doesn't contain any secrets. You may vary the
200	security parameters
201	.B \-b
202	and
203	.B \-B
204	to taste: the ones given provide good security, at the expense of
205	performance. Even so, from a cryptographic point of view, these keys
206	will be the weak point in the security of the system. Generation of the
207	group parameters can take a few minutes.
208	.PP
209	You should extract the parameters from your keyring and distribute them
210	(securely) to the other administrators. The parameters may be extracted
211	from your keyring with the command:
212	.VS
213	key extract param param
214	.VE
215	This may be merged into a keyring with:
216	.VS
217	key merge param
218	.VE
219	Once your keyring contains the parameters, a suitable key can be created
220	with the command:
221	.VS
222	key add \-adh \-pparam \-e"now + 1 year" tripe\-dh
223	.VE
224	This creates a Diffie-Hellman key using the parameters from key
225	.B param
226	which expires in one year. The new key has type
227	.BR tripe\-dh .
228
229	.SS "About the name"
230	The program's name is
231	.BR tripe ,
232	all in lower-case. The name of the protocol it uses is `TrIPE', with
233	four capital letters and one lower-case. The name stands for `Trivial
234	IP Encryption'.
235	.SH "BUGS"
236	It's too easy to deny service during key exchange. If both ends are
237	honest, they'll notice any interference and resend their packets, but
238	it's possible to delay successful negotation for as long as desired by
239	sending bogus key exchange messages.
240	.PP
241	The code hasn't been audited. It may contain security bugs. If you
242	find one, please inform the author
243	.IR immediately .
244	.SH "SEE ALSO"
245	.BR key (1),
246	.BR tripectl (1),
247	.BR tripe\-admin (5).
248	.PP
249	.IR "The Trivial IP Encryption Protocol" ,
250	.IR "The Wrestlers Protocol" .
251	.SH "AUTHOR"
252	Mark Wooding, <mdw@nsict.org>