SETTING UP TRIPE FOR DEBIAN GNU/LINUX

Firstly, you need to set up public key parameters. To generate
a new set, run

        # cd /etc/tripe
        # key add -adh-param -LS -b2048 -B256 -eforever \
                -tparam tripe-dh-param
        # key extract param param

(Feel free to twiddle these settings. Read key(1) for details
about the various options.) You can now copy the file `param'
to the other hosts which will participate in the VPN. If you
already have a `param' file from this procedure, you should
copy it into /etc/tripe and run

        # key merge param

instead.

Now, generate a public key. Before you can do this, you'll need
to give this host a name. Let's say we've chosen `alice' as the
name. Run

        # key add -adh -pparam -talice -e"now + 1 year" tripe-dh
        # key extract -f-secret alice.pub alice
        # key -kkeyring.pub merge alice.pub

Now copy `alice.pub' to the other hosts, and run the `key merge'
command on each of them. Also merge the keys from the other
hosts into alice's `keyring.pub' file.

Finally, you need to write a script in /etc/tripe/peers for each
peer you want to communicate with. The following template works
OK.

        #! /bin/sh

        set -e

        PEER=...                # The peer's name
        PEERADDR=...            # Peer's publicly-routable address
        PEERPORT=22003          # Port peer is listening on
        LOCAL=...               # My address for point-to-point
        REMOTE=...              # His address for point-to-point
        RNET=...                # Remote network address
        RMASK=...               # Netmask of remote network

        tripectl add $PEER $PEERADDR $PEERPORT
        ifname=`tripectl ifname $PEER`
        ifconfig $ifname $LOCAL pointopoint $REMOTE mtu 1429
        route add -net $RNET netmask $RMASK gw $REMOTE
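
A stricter variant of the peer script, as an added example that is not
part of the tripe package: it refuses fields that are empty, still `...',
start with `-' or are not valid addresses, quotes every expansion, and
only prints the commands unless DRY_RUN=0. The peer name, the addresses
and the IFNAME stand-in are constructed placeholders.

```shell
#! /bin/sh
# Added example, not from the tripe package. All values are constructed
# placeholders (documentation and private address ranges).
PEER=bob  PEERADDR=192.0.2.10  PEERPORT=22003
LOCAL=10.9.0.1  REMOTE=10.9.0.2  RNET=10.20.0.0  RMASK=255.255.0.0
DRY_RUN=${DRY_RUN-1}    # print commands by default; set DRY_RUN=0 to apply

# is_ipv4 ADDR: dotted quad, octets 0..255 (subshell keeps IFS change local).
is_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# check_peer: reject fields that are empty, still "...", or malformed.
check_peer() {
    for var in PEER PEERADDR PEERPORT LOCAL REMOTE RNET RMASK; do
        eval "val=\${$var-}"
        case $val in
            ''|...|-*|*[!A-Za-z0-9_.:-]*)
                echo "peer script: bad value for $var" >&2; return 1 ;;
        esac
    done
    case $PEERPORT in *[!0-9]*) return 1 ;; esac
    [ "$PEERPORT" -ge 1 ] && [ "$PEERPORT" -le 65535 ] || return 1
    for addr in "$LOCAL" "$REMOTE" "$RNET" "$RMASK"; do
        is_ipv4 "$addr" || { echo "peer script: $addr is not IPv4" >&2; return 1; }
    done
}

# run CMD...: print the command when DRY_RUN=1, otherwise execute it.
run() { if [ "${DRY_RUN-}" = 1 ]; then echo "$*"; else "$@"; fi; }

# setup_peer: the template's four steps, with validation and quoting.
setup_peer() {
    check_peer || return 1
    run tripectl add "$PEER" "$PEERADDR" "$PEERPORT" || return 1
    if [ "${DRY_RUN-}" = 1 ]; then
        ifname=IFNAME   # stand-in; the real name comes from tripectl
    else
        ifname=$(tripectl ifname "$PEER") || return 1
    fi
    run ifconfig "$ifname" "$LOCAL" pointopoint "$REMOTE" mtu 1429 || return 1
    run route add -net "$RNET" netmask "$RMASK" gw "$REMOTE"
}
setup_peer
```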