| 1 | |
| 2 | TrIPE |
| 7 | |
| 8 | Trivial IP Encryption |
| 9 | |
| 10 | |
| 11 | * Brief introduction |
| 12 | |
| 13 | ** What TrIPE does |
| 14 | |
| 15 | TrIPE is a fairly simple network protocol for securely transferring IP |
| 16 | packets over hostile networks, using cryptography to ensure their |
| 17 | secrecy and authenticity. It is used to construct `virtual private |
| 18 | networks', which securely connect geographically separated hosts and |
| 19 | physical networks into a single virtual network. The name stands for |
| 20 | `Trivial IP Encryption'. |
| 21 | |
| 22 | The tripe suite, of which this file is part, consists of a server which |
| 23 | implements this protocol, together with a number of utilities, scripts |
| 24 | and ancillary services which assist in configuring and maintaining the |
| 25 | server. |
| 26 | |
| 27 | ** Supported operating systems |
| 28 | |
| 29 | The main server ought to build on more or less any Unix-like operating |
| 30 | system. The author only has Linux readily to hand, so it doesn't get |
| 31 | tested much on other systems, but porting should be easy. The only |
| 32 | nonportable aspect is the use of tunnel interfaces, though the server |
| 33 | can fall back to using SLIP, which almost every Unix ought to be able to |
| 34 | cope with. There is code already for dealing with Linux's TUN/TAP |
| 35 | driver, and *BSD's tunnels (and an obsolete tun-like device the author |
| 36 | wrote for Linux a long time ago). If other systems have similar |
| 37 | devices, it should be easy to add support. |
| 38 | |
| 39 | A Windows port is a more daunting prospect. The author is currently |
| 40 | considering a lash-up port using Cygwin and the OpenVPN Win32-tun |
| 41 | driver, but hasn't started work. |
| 42 | |
| 43 | Other parts of the system are a bit more Linux-specific. For example, |
| 44 | the interface configuration script `tripe-ifup' exists only in a |
| 45 | Linux-specific version. (Writing a new version for some other system is |
| 46 | very straightforward, though.) The `pathmtu' utility is more |
| 47 | problematic: I don't know how to do this well for *BSD, for example. |
| 48 | Contributions are welcome! |
| 49 | |
| 50 | ** Licence |
| 51 | |
| 52 | The TrIPE suite is free software. You may modify and/or redistribute |
| 53 | it, under the terms of the GNU General Public License, either version 2 |
| 54 | or, at your option, any later version. There should be a copy of this |
| 55 | licence included in the source distribution. Pre-built binary packages, |
| 56 | e.g., for Debian GNU/Linux, may not include it, on the assumption that |
| 57 | Debian already has a copy in /usr/share/common-licenses/GPL-2. |
| 58 | |
| 59 | There are no restrictions on the use of the network protocol. |
| 60 | |
| 61 | ** Finding out more |
| 62 | |
| 63 | There is fairly extensive documentation on the various components of the |
| 64 | TrIPE suite. The tripe.7 manpage aims to provide an overview of the |
| 65 | system, so it may be a good place to start reading. |
| 66 | |
| 67 | * Building the tripe suite from a source distribution |
| 68 | |
| 69 | ** Prerequisites |
| 70 | |
| 71 | In order to compile the tripe suite, you must have a number of other |
| 72 | packages already installed. |
| 73 | |
| 74 | Package name     Version  Needed for |
| 75 | |
| 76 | mLib             2.5.0    S K V M + |
| 77 | Catacomb         2.1.0    S K |
| 78 | Python           2.4        K V M |
| 79 | mLib-Python      1.0.0        V M |
| 80 | Catacomb-Python  1.0.0      K |
| 81 | PyGTK            2.12.0         M |
| 82 | python-cdb       0.32         V |
| 83 | |
| 84 | Key: |
| 85 | S: server (you really need this) |
| 86 | K: key management utility |
| 87 | V: peer connection services |
| 88 | M: graphical monitor |
| 89 | +: various other utilities |
| 90 | |
| 91 | The mLib and Catacomb libraries, and their Python bindings, are probably |
| 92 | available from the same place you found this. |
| 93 | |
| 94 | ** Building and installing |
| 95 | |
| 96 | The source distribution should contain a `configure' script. In theory, |
| 97 | it should be sufficient to run |
| 98 | |
| 99 | $ ./configure |
| 100 | $ make |
| 101 | $ make check |
| 102 | $ sudo make install |
| 103 | |
| 104 | (or use your preferred means of attaining superuser privileges). If you |
| 105 | don't want to clutter the source tree with object files, change to a |
| 106 | clean directory and run |
| 107 | |
| 108 | $ SRCDIR/configure |
| 109 | $ make |
| 110 | |
| 111 | etc., where SRCDIR is where you put the sources. |
| 112 | |
| 113 | The configure script should make sensible choices about the tunnel |
| 114 | devices available on your system. If it doesn't, you can force its hand |
| 115 | by saying something like |
| 116 | |
| 117 | $ ./configure --with-tunnel="linux slip" |
| 118 | |
| 119 | There are also configure-time options for choosing default directories |
| 120 | and filenames (e.g., where to find configuration files, where to write |
| 121 | logs). These can all be overridden using command line options if |
| 122 | necessary. |
| 123 | |
| 124 | For full details about the configure-time options, run |
| 125 | |
| 126 | $ ./configure --help |
| 127 | |
| 128 | A script to start and stop the server is generated as part of the build, |
| 129 | as init/tripe-init. If you have a System V-style init, you can drop |
| 130 | this script into /etc/init.d (or your equivalent), and link it into the |
| 131 | relevant /etc/rc.d directories. |
| 132 | |
| 133 | ** Building from Git |
| 134 | |
| 135 | This section is mainly relevant to those who wish to participate in |
| 136 | TrIPE development. If you just want to use the tripe suite, you're |
| 137 | probably best off using a source distribution tarball. |
| 138 | |
| 139 | The author maintains the tripe sources using Git. The files checked |
| 140 | into Git omit many files provided in distribution tarballs, because |
| 141 | they're really maintained in separate projects. The first thing you |
| 142 | need to do, then, is reconstruct these files. You need the following: |
| 143 | |
| 144 | cfd 1.3.4 |
| 145 | Autoconf 2.61 |
| 146 | Automake 1.8 |
| 147 | Autoconf-archive 2007-05-12 |
| 148 | |
| 149 | Make sure that the `aclocal' program can find the macros in the Autoconf |
| 150 | archive. Then run |
| 151 | |
| 152 | $ mdw-setup |
| 153 | |
| 154 | This ought, magically, to construct the `configure' script and all the |
| 155 | Makefile.in files. You should now be able to build the system as if you |
| 156 | had a source distribution. |
| 157 | |
| 158 | The only thing which will still be missing is the `RELEASE' file, which |
| 159 | just contains the package version number. Instead, tripe's build system |
| 160 | will work this out by looking at your Git repository. |
| 161 | |
| 162 | * Contacting the author |
| 163 | |
| 164 | If you want to complain about bugs, build problems, or missing |
| 165 | features, or suggest improvements, or ask about how things work, send |
| 166 | email to |
| 167 | |
| 168 | Mark Wooding <mdw@distorted.org.uk> |
| 169 | |
| 170 | Currently there is no mailing list for discussion of TrIPE development. |
| 171 | If there seems to be sufficient interest, I'll set one up. |
| 172 | |