Commit | Line | Data |
---|---|---|
74eb47db | 1 | .\" -*-nroff-*- |
2 | .\". | |
fc916a09 MW |
3 | .\" Manual for the server |
4 | .\" | |
5 | .\" (c) 2008 Straylight/Edgeware | |
6 | .\" | |
7 | . | |
8 | .\"----- Licensing notice --------------------------------------------------- | |
9 | .\" | |
10 | .\" This file is part of Trivial IP Encryption (TrIPE). | |
11 | .\" | |
12 | .\" TrIPE is free software; you can redistribute it and/or modify | |
13 | .\" it under the terms of the GNU General Public License as published by | |
14 | .\" the Free Software Foundation; either version 2 of the License, or | |
15 | .\" (at your option) any later version. | |
16 | .\" | |
17 | .\" TrIPE is distributed in the hope that it will be useful, | |
18 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | .\" GNU General Public License for more details. | |
21 | .\" | |
22 | .\" You should have received a copy of the GNU General Public License | |
23 | .\" along with TrIPE; if not, write to the Free Software Foundation, | |
24 | .\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | . | |
26 | .\"-------------------------------------------------------------------------- | |
27 | .so ../defs.man.in \" @@@PRE@@@ | |
28 | . | |
29 | .\"-------------------------------------------------------------------------- | |
74eb47db | 30 | .TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" |
fc916a09 MW |
31 | . |
32 | .\"-------------------------------------------------------------------------- | |
74eb47db | 33 | .SH "NAME" |
fc916a09 | 34 | . |
74eb47db | 35 | tripe \- a simple VPN daemon |
fc916a09 MW |
36 | . |
37 | .\"-------------------------------------------------------------------------- | |
74eb47db | 38 | .SH "SYNOPSIS" |
fc916a09 | 39 | . |
74eb47db | 40 | .B tripe |
41 | .RB [ \-D ] | |
74eb47db | 42 | .RB [ \-d |
43 | .IR dir ] | |
d13e5724 | 44 | .RB [ \-b |
45 | .IR addr ] | |
33ced0d3 | 46 | .RB [ \-p |
47 | .IR port ] | |
42da2a58 | 48 | .RB [ \-n |
49 | .IR tunnel ] | |
d13e5724 | 50 | .br |
85b1ebd6 | 51 | \c |
33ced0d3 | 52 | .RB [ \-U |
53 | .IR user ] | |
54 | .RB [ \-G | |
55 | .IR group ] | |
d13e5724 | 56 | .RB [ \-a |
57 | .IR socket ] | |
58 | .RB [ \-T | |
59 | .IR trace-opts ] | |
74eb47db | 60 | .br |
85b1ebd6 | 61 | \c |
74eb47db | 62 | .RB [ \-k |
63 | .IR priv-keyring ] | |
64 | .RB [ \-K | |
65 | .IR pub-keyring ] | |
66 | .RB [ \-t | |
67 | .IR key-tag ] | |
fc916a09 MW |
68 | . |
69 | .\"-------------------------------------------------------------------------- | |
74eb47db | 70 | .SH "DESCRIPTION" |
fc916a09 | 71 | . |
74eb47db | 72 | The |
73 | .B tripe | |
74 | program is a server which can provide strong IP-level encryption and | |
1a19f865 | 75 | authentication between co-operating hosts. The program and its protocol |
76 | are deliberately very simple, to make analysing them easy and to help | |
77 | build trust rapidly in the system. | |
74eb47db | 78 | .SS "Overview" |
79 | The | |
80 | .B tripe | |
81 | server manages a number of secure connections to other `peer' hosts. | |
82 | Each daemon is given a private key of its own, and a file of public keys | |
83 | for the peers with which it is meant to communicate. It is responsible | |
84 | for negotiating sets of symmetric keys with its peers, and for | |
85 | encrypting, encapsulating and sending IP packets to its peers, and | |
86 | decrypting, checking and de-encapsulating packets it receives from | |
87 | them. | |
88 | .PP | |
89 | When the server starts, it creates a Unix-domain socket on which it | |
90 | listens for administration commands. It also logs warnings and | |
91 | diagnostic information to the programs connected to its admin socket. | |
92 | Clients connected to the socket can add new peers, and remove or find | |
93 | out about existing peers. The textual protocol used to give the | |
94 | .B tripe | |
95 | server admin commands is described in | |
96 | .BR tripe\-admin (5). | |
97 | A client program | |
98 | .BR tripectl (1) | |
99 | is provided to allow commands to be sent to the server either | |
100 | interactively or by simple scripts. | |
101 | .SS "Command-line arguments" | |
102 | If not given any command-line arguments, | |
103 | .B tripe | |
104 | will initialize by following these steps: | |
1a19f865 | 105 | .hP 1. |
106 | It sets the directory named by the | |
107 | .B TRIPEDIR | |
108 | environment variable (or | |
fc916a09 | 109 | .B "*(/c" |
1a19f865 | 110 | if the variable is unset) as the current directory. |
111 | .hP 2. | |
74eb47db | 112 | It acquires a UDP socket with an arbitrary kernel-selected port number. |
113 | It will use this socket to send and receive all communications with its | |
114 | peer servers. The port chosen may be discovered by means of the | |
115 | .B PORT | |
116 | admin command (see | |
117 | .BR tripe\-admin (5)). | |
1a19f865 | 118 | .hP 3. |
74eb47db | 119 | It loads the private key with the tag or type name |
120 | .B tripe\-dh | |
121 | from the Catacomb-format file | |
122 | .BR keyring , | |
123 | and loads the file | |
124 | .B keyring.pub | |
125 | ready for extracting the public keys of peers as they're introduced. | |
126 | (The format of these files is described in | |
127 | .BR keyring (5). | |
128 | They are maintained using the program | |
129 | .BR key (1) | |
130 | provided with the Catacomb distribution.) | |
1a19f865 | 131 | .hP 4. |
74eb47db | 132 | It creates and listens to the Unix-domain socket |
133 | .BR tripesock . | |
134 | .PP | |
135 | Following this, the server enters its main loop, accepting admin | |
136 | connections and obeying any administrative commands, and communicating | |
137 | with peers. It also treats its standard input and standard output | |
138 | streams as an admin connection, reading commands from standard input and | |
33ced0d3 | 139 | writing responses and diagnostics messages to standard output. Finally, |
140 | it will reload keys from its keyring files if it notices that they've | |
141 | changed (it checks inode number and modification time) \- there's no | |
142 | need to send a signal. | |
74eb47db | 143 | .PP |
144 | Much of this behaviour may be altered by giving | |
145 | .B tripe | |
146 | suitable command-line options: | |
147 | .TP | |
148 | .B "\-h, \-\-help" | |
149 | Writes a brief description of the command-line options available to | |
150 | standard output and exits with status 0. | |
151 | .TP | |
152 | .B "\-v, \-\-version" | |
153 | Writes | |
154 | .BR tripe 's | |
155 | version number to standard output and exits with status 0. | |
156 | .TP | |
157 | .B "\-u, \-\-usage" | |
158 | Writes a brief usage summary to standard output and exits with status 0. | |
159 | .TP | |
42da2a58 | 160 | .B "\-\-tunnels" |
161 | Writes to standard output a list of the configured tunnel drivers, one | |
162 | per line, and exits with status 0. This is intended for the use of the | |
3cdc3f3a | 163 | start-up script, so that it can check that it will actually work. |
164 | .TP | |
74eb47db | 165 | .B "\-D, \-\-daemon" |
166 | Dissociates from its terminal and starts running in the background after | |
167 | completing the initialization procedure described above. If running as | |
168 | a daemon, | |
169 | .B tripe | |
170 | will not read commands from standard input or write diagnostics to | |
171 | standard output. A better way to start | |
172 | .B tripe | |
173 | in the background is with | |
174 | .BR tripectl (1). | |
175 | .TP | |
176 | .BI "\-d, \-\-directory=" dir | |
177 | Makes | |
178 | .I dir | |
797cf76b MW |
179 | the current directory. The default directory to change to is given by |
180 | the environment variable | |
181 | .BR TRIPEDIR ; | |
182 | if that's not specified, a default default of | |
fc916a09 | 183 | .B "*(/c" |
797cf76b | 184 | is used. Give a current directory of |
74eb47db | 185 | .B . |
186 | if you don't want it to change directory at all. | |
187 | .TP | |
d13e5724 | 188 | .BI "\-b, \-\-bind-address="addr |
189 | Bind the UDP socket to IP address | |
190 | .I addr | |
191 | rather than the default of | |
192 | .BR INADDR_ANY . | |
193 | This is useful if your main globally-routable IP address is one you want | |
194 | to tunnel through the VPN. | |
195 | .TP | |
74eb47db | 196 | .BI "\-p, \-\-port=" port |
197 | Use the specified UDP port for all communications with peers, rather | |
198 | than an arbitarary kernel-assigned port. | |
199 | .TP | |
42da2a58 | 200 | .BI "\-n, \-\-tunnel=" tunnel |
201 | Use the specified tunnel driver for new peers by default. | |
202 | .TP | |
33ced0d3 | 203 | .BI "\-U, \-\-setuid=" user |
204 | Set uid to that of | |
205 | .I user | |
206 | (either a user name or integer uid) after initialization. Also set gid | |
207 | to | |
208 | .IR user 's | |
209 | primary group, unless overridden by a | |
210 | .B \-G | |
211 | option. | |
212 | .TP | |
213 | .BI "\-G, \-\-setgid=" group | |
214 | Set gid to that of | |
215 | .I group | |
216 | (either a group name or integer gid) after initialization. | |
217 | .TP | |
74eb47db | 218 | .BI "\-k, \-\-priv\-keyring=" file |
219 | Reads the private key from | |
220 | .I file | |
221 | rather than the default | |
222 | .BR keyring . | |
223 | .TP | |
224 | .BI "\-K, \-\-pub\-keyring=" file | |
225 | Reads public keys from | |
226 | .I file | |
227 | rather than the default | |
228 | .BR keyring.pub . | |
229 | This can be the same as the private keyring, but that's not recommended. | |
230 | .TP | |
231 | .BI "\-t, \-\-tag=" tag | |
232 | Uses the private key whose tag or type is | |
233 | .I tag | |
234 | rather than the default | |
235 | .BR tripe\-dh . | |
236 | .TP | |
237 | .BI "\-a, \-\-admin\-socket=" socket | |
238 | Accept admin connections to a Unix-domain socket named | |
797cf76b MW |
239 | .IR socket . |
240 | The default socket, if this option isn't specified, is given by the | |
241 | environment variable | |
242 | .BR TRIPESOCK ; | |
243 | if that's not set either, then a default default of | |
fc916a09 | 244 | .B "*(/s/tripesock" |
797cf76b | 245 | is used instead. |
74eb47db | 246 | .TP |
247 | .BI "\-T, \-\-trace=" trace-opts | |
248 | Allows the enabling or disabling of various internal diagnostics. See | |
249 | below for the list of options. | |
d6623498 | 250 | .SS "Setting up a VPN with tripe" |
251 | The | |
252 | .B tripe | |
253 | server identifies peers by name. While it's | |
254 | .I possible | |
255 | for each host to maintain its own naming system for its peers, this is | |
256 | likely to lead to confusion, and it's more sensible to organize a naming | |
257 | system that works everywhere. How you manage this naming is up to you. | |
258 | The only restriction on the format of names is that they must be valid | |
259 | Catacomb key tags, since this is how | |
260 | .B tripe | |
261 | identifies which public key to use for a particular peer: they may not | |
262 | contain whitespace characters, or a colon | |
263 | .RB ` : ' | |
264 | or dot | |
265 | .RB ` . ', | |
266 | .PP | |
267 | Allocating IP addresses for VPNs can get quite complicated. I'll | |
268 | attempt to illustrate with a relatively simple example. Our objective | |
269 | will be to set up a virtual private network between two sites of | |
270 | .BR example.com . | |
271 | The two sites are using distinct IP address ranges from the private | |
272 | address space described in RFC1918: site A is using addresses from | |
273 | 10.0.1.0/24 and site B is using 10.0.2.0/24. Each site has a gateway | |
274 | host set up with both an address on the site's private network, and an | |
275 | externally-routable address from the public IP address space. Site A's | |
276 | gateway machine, | |
277 | .BR alice , | |
278 | has the addresses 10.0.1.1 and 200.0.1.1; site B's gateway is | |
279 | .B bob | |
280 | and has addresses 10.0.2.1 and 200.0.2.1. | |
d6623498 | 281 | .hP 1. |
282 | Install | |
283 | .B tripe | |
284 | on both of the gateway hosts. Create the directory | |
285 | .BR /var/lib/tripe . | |
286 | .hP 2. | |
287 | On | |
288 | .BR alice , | |
289 | make | |
290 | .B /var/lib/tripe | |
291 | the current directory and generate a Diffie-Hellman group: | |
292 | .RS | |
74eb47db | 293 | .VS |
294 | key add \-adh\-param \-LS \-b2048 \-B256 \e | |
295 | \-eforever \-tparam tripe\-dh\-param | |
296 | .VE | |
d6623498 | 297 | (See |
298 | .BR key (1) | |
299 | from the Catacomb distribution for details about the | |
300 | .B key | |
301 | command.) Also generate a private key for | |
302 | .BR alice : | |
303 | .VS | |
304 | key add \-adh \-pparam \-talice \e | |
305 | \-e"now + 1 year" tripe\-dh | |
306 | .VE | |
307 | Extract the group parameters and | |
308 | .BR alice 's | |
309 | public key to | |
310 | .I separate | |
311 | files, and put the public key in | |
312 | .BR keyring.pub : | |
74eb47db | 313 | .VS |
314 | key extract param param | |
37075862 | 315 | key extract \-f\-secret alice.pub alice |
d6623498 | 316 | key \-kkeyring.pub merge alice.pub |
74eb47db | 317 | .VE |
d6623498 | 318 | Send the files |
319 | .B param | |
320 | and | |
321 | .B alice.pub | |
322 | to | |
323 | .B bob | |
324 | in some secure way (e.g., in PGP-signed email, or by using SSH), so that | |
325 | you can be sure they've not been altered in transit. | |
326 | .RE | |
327 | .hP 3. | |
328 | On | |
329 | .B bob | |
330 | now, make | |
331 | .B /var/lib/tripe | |
332 | the current directory, and import the key material from | |
333 | .BR alice : | |
334 | .RS | |
74eb47db | 335 | .VS |
336 | key merge param | |
d6623498 | 337 | key \-kkeyring.pub merge alice.pub |
74eb47db | 338 | .VE |
d6623498 | 339 | Generate a private key for |
340 | .B bob | |
341 | and extract the public half, as before: | |
74eb47db | 342 | .VS |
d6623498 | 343 | key add \-adh \-pparam \-tbob \e |
344 | \-e"now + 1 year" tripe\-dh | |
383f2a0b | 345 | key extract \-f\-secret bob.pub bob |
d6623498 | 346 | key \-kkeyring.pub merge bob.pub |
74eb47db | 347 | .VE |
d6623498 | 348 | and send |
349 | .B bob.pub | |
350 | back to | |
351 | .B alice | |
352 | using some secure method. | |
353 | .RE | |
354 | .hP 4 | |
355 | On | |
356 | .BR alice , | |
357 | merge | |
358 | .B bob 's | |
359 | key into the public keyring. Now, on each host, run | |
360 | .RS | |
361 | .VS | |
362 | key \-kkeyring.pub fingerprint | |
363 | .VE | |
364 | and check that the hashes match. If the two sites have separate | |
365 | administrators, they should read the hashes to each other over the | |
366 | telephone (assuming that they can recognize each other's voices). | |
367 | .RE | |
368 | .hP 5. | |
369 | Start the | |
370 | .B tripe | |
371 | servers up. Run | |
372 | .RS | |
373 | .VS | |
165efde7 | 374 | tripectl \-slD |
d6623498 | 375 | .VE |
376 | on each of | |
377 | .B alice | |
378 | and | |
379 | .BR bob . | |
d6623498 | 380 | .RE |
381 | .hP 6. | |
382 | To get | |
383 | .B alice | |
384 | talking to | |
385 | .BR bob , | |
386 | run this shell script (or one like it): | |
387 | .RS | |
388 | .VS | |
389 | #! /bin/sh | |
74eb47db | 390 | |
165efde7 | 391 | tripectl add bob 200.0.2.1 4070 |
d6623498 | 392 | ifname=`tripectl ifname bob` |
1f68dfc5 | 393 | ifconfig $ifname 10.0.1.1 pointopoint 10.0.2.1 |
d6623498 | 394 | route add -net \e |
395 | 10.0.2.0 netmask 255.255.255.0 \e | |
1f68dfc5 | 396 | gw 10.0.2.1 |
d6623498 | 397 | .VE |
398 | Read | |
399 | .BR ifconfig (8) | |
400 | and | |
401 | .BR route (8) | |
402 | to find out about your system's variants of these commands. The | |
403 | versions shown above assume a Linux system. | |
404 | Run a similar script on | |
405 | .BR bob , | |
406 | to tell its | |
407 | .B tripe | |
408 | server to talk to | |
409 | .BR alice . | |
410 | .RE | |
411 | .hP 7. | |
412 | Congratulations. The two servers will exchange keys and begin sending | |
413 | packets almost immediately. You've set up a virtual private network. | |
52c03a2a | 414 | .SS "Using elliptic curve keys" |
415 | The | |
416 | .B tripe | |
417 | server can use elliptic curve Diffie-Hellman for key exchange, rather | |
418 | than traditional integer Diffie-Hellman. Given current public | |
419 | knowledge, elliptic curves can provide similar or better security to | |
420 | systems based on integer discrete log problems, faster, and with less | |
421 | transmitted data. It's a matter of controversy whether this will | |
422 | continue to be the case. The author uses elliptic curves. | |
423 | .PP | |
424 | The server works out which it | |
425 | should be doing based on the key type, which is either | |
426 | .B tripe\-dh | |
427 | for standard Diffie-Hellman, or | |
428 | .B tripe\-ec | |
429 | for elliptic curves. To create elliptic curve keys, say something like | |
430 | .VS | |
431 | key add \-aec\-param \-Cnist-p192 \-eforever \e | |
432 | \-tparam tripe\-ec\-param | |
433 | .VE | |
434 | to construct a parameters key, using your preferred elliptic curve in | |
435 | the | |
436 | .B \-C | |
437 | option (see | |
438 | .BR key (1) | |
439 | for details); and create the private keys by | |
440 | .VS | |
441 | key add \-aec \-pparam \-talice \e | |
442 | \-e"now + 1 year" tripe\-ec | |
443 | .VE | |
444 | Now start | |
445 | .B tripe | |
446 | with the | |
447 | .B \-ttripe\-ec | |
448 | option, and all should be well. | |
b5c45da1 | 449 | .SS "Using other symmetric algorithms" |
450 | The default symmetric algorithms | |
451 | .B tripe | |
452 | uses are Blowfish (by Schneier) for symmetric encryption, and RIPEMD-160 | |
453 | (by Dobbertin, Bosselaers and Preneel) for hashing and as a MAC (in HMAC | |
454 | mode, designed by Bellare, Canetti and Krawczyk). These can all be | |
455 | overridden by setting attributes on your private key, as follows. | |
456 | .TP | |
457 | .B cipher | |
458 | Names the symmetric encryption scheme to use. The default is | |
459 | .BR blowfish\-cbc . | |
460 | .TP | |
461 | .B hash | |
462 | Names the hash function to use. The default is | |
463 | .BR rmd160 . | |
464 | .TP | |
465 | .B mac | |
466 | Names the message authentication code to use. The name of the MAC may | |
467 | be followed by a | |
468 | .RB ` / ' | |
469 | and the desired tag length in bits. The default is | |
470 | .IB hash \-hmac | |
471 | at half the underlying hash function's output length. | |
472 | .TP | |
473 | .B mgf | |
474 | A `mask-generation function', used in the key-exchange. The default is | |
475 | .IB hash \-mgf | |
476 | and there's no good reason to change it. | |
b9066fbb | 477 | .SS "Using SLIP interfaces" |
478 | Though not for the faint of heart, it is possible to get | |
479 | .B tripe | |
480 | to read and write network packets to a pair of file descriptors using | |
481 | SLIP encapsulation. No fancy header compression of any kind is | |
98fdb08d | 482 | supported. |
483 | .PP | |
484 | Two usage modes are supported: a preallocation system, whereby SLIP | |
485 | interfaces are created and passed to the | |
486 | .B tripe | |
487 | server at startup; and a dynamic system, where the server runs a script | |
488 | to allocate a new SLIP interface when it needs one. It is possible to | |
489 | use a mixture of these two modes, starting | |
b9066fbb | 490 | .B tripe |
98fdb08d | 491 | with a few preallocated interfaces and having it allocate more |
492 | dynamically as it needs them. | |
493 | .PP | |
494 | The behaviour of | |
495 | .BR tripe 's | |
496 | SLIP driver is controlled by the | |
497 | .B TRIPE_SLIPIF | |
1f68dfc5 | 498 | environment variable. The server will not create SLIP tunnels if this |
499 | variable is not defined. The variable's value is a colon-delimited list | |
500 | of preallocated interfaces, followed optionally by the filename of a | |
501 | script to run to dynamically allocate more interfaces. | |
b9066fbb | 502 | .PP |
98fdb08d | 503 | A static allocation entry has the form |
b9066fbb | 504 | .IR infd [ \c |
505 | .BI , outfd \c | |
506 | .RB ] \c | |
507 | .BI = \c | |
98fdb08d | 508 | .IR ifname , |
b9066fbb | 509 | If the |
510 | .I outfd | |
511 | is omitted, the same file descriptor is used for input and output. | |
512 | .PP | |
98fdb08d | 513 | The dynamic allocation script must be named by an absolute or relative |
e04c2d50 | 514 | pathname, beginning with |
98fdb08d | 515 | .RB ` / ' |
516 | or | |
517 | .RB ` . '. | |
518 | The server will pass the script an argument, which is the name of the | |
519 | peer for which the interface is being created. The script should | |
520 | allocate a new SLIP interface (presumably by creating a pty pair), | |
521 | configure it appropriately, and write the interface's name to its | |
522 | standard output, followed by a newline. It should then read and write | |
523 | SLIP packets on its stdin and stdout. The script's stdin will be closed | |
524 | when the interface is no longer needed, and the server will attempt to | |
525 | send it a | |
526 | .B SIGTERM | |
527 | signal (though this may fail if the script runs with higher privileges | |
528 | than the server). | |
529 | .PP | |
b9066fbb | 530 | The output file descriptor should not block unless it really needs to: |
531 | the | |
532 | .B tripe | |
1f68dfc5 | 533 | daemon assumes that it won't, and will get wedged waiting for it to |
534 | accept output. | |
74eb47db | 535 | .SS "About the name" |
536 | The program's name is | |
537 | .BR tripe , | |
538 | all in lower-case. The name of the protocol it uses is `TrIPE', with | |
539 | four capital letters and one lower-case. The name stands for `Trivial | |
540 | IP Encryption'. | |
fc916a09 MW |
541 | . |
542 | .\"-------------------------------------------------------------------------- | |
74eb47db | 543 | .SH "BUGS" |
fc916a09 | 544 | . |
74eb47db | 545 | The code hasn't been audited. It may contain security bugs. If you |
546 | find one, please inform the author | |
547 | .IR immediately . | |
fc916a09 MW |
548 | . |
549 | .\"-------------------------------------------------------------------------- | |
74eb47db | 550 | .SH "SEE ALSO" |
fc916a09 | 551 | . |
74eb47db | 552 | .BR key (1), |
553 | .BR tripectl (1), | |
554 | .BR tripe\-admin (5). | |
555 | .PP | |
556 | .IR "The Trivial IP Encryption Protocol" , | |
557 | .IR "The Wrestlers Protocol" . | |
fc916a09 MW |
558 | . |
559 | .\"-------------------------------------------------------------------------- | |
74eb47db | 560 | .SH "AUTHOR" |
fc916a09 | 561 | . |
d36eda2a | 562 | Mark Wooding, <mdw@distorted.org.uk> |
fc916a09 MW |
563 | . |
564 | .\"----- That's all, folks -------------------------------------------------- |