| 1 | .\" -*-nroff-*- |
| 2 | .\". |
| 3 | .de hP |
| 4 | .IP |
| 5 | \h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c |
| 6 | .. |
| 7 | .de VS |
| 8 | .sp 1 |
| 9 | .RS |
| 10 | .nf |
| 11 | .ft B |
| 12 | .. |
| 13 | .de VE |
| 14 | .ft R |
| 15 | .fi |
| 16 | .RE |
| 17 | .sp 1 |
| 18 | .. |
| 19 | .ie t \{\ |
| 20 | . ds o \(bu |
| 21 | . ds ss \s8\u |
| 22 | . ds se \d\s0 |
| 23 | . if \n(.g \{\ |
| 24 | . fam P |
| 25 | . \} |
| 26 | .\} |
| 27 | .el \{\ |
| 28 | . ds o o |
| 29 | . ds ss ^ |
| 30 | . ds se _ |
| 31 | .\} |
| 32 | .TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" |
| 33 | .SH "NAME" |
| 34 | tripe \- a simple VPN daemon |
| 35 | .SH "SYNOPSIS" |
| 36 | .B tripe |
| 37 | .RB [ \-D ] |
| 38 | .RB [ \-p |
| 39 | .IR port ] |
| 40 | .RB [ \-T |
| 41 | .IR trace-opts ] |
| 42 | .RB [ \-d |
| 43 | .IR dir ] |
| 44 | .RB [ \-a |
| 45 | .IR socket ] |
| 46 | .br |
| 47 | |
| 48 | .RB [ \-k |
| 49 | .IR priv-keyring ] |
| 50 | .RB [ \-K |
| 51 | .IR pub-keyring ] |
| 52 | .RB [ \-t |
| 53 | .IR key-tag ] |
| 54 | .SH "DESCRIPTION" |
| 55 | The |
| 56 | .B tripe |
| 57 | program is a server which can provide strong IP-level encryption and |
| 58 | authentication between two co-operating hosts. The program and its |
| 59 | protocol are deliberately very simple, to make analysing them easy and |
| 60 | to help build trust rapidly in the system. |
| 61 | .SS "Overview" |
| 62 | The |
| 63 | .B tripe |
| 64 | server manages a number of secure connections to other `peer' hosts. |
| 65 | Each daemon is given a private key of its own, and a file of public keys |
| 66 | for the peers with which it is meant to communicate. It is responsible |
| 67 | for negotiating sets of symmetric keys with its peers, and for |
| 68 | encrypting, encapsulating and sending IP packets to its peers, and |
| 69 | decrypting, checking and de-encapsulating packets it receives from |
| 70 | them. |
| 71 | .PP |
| 72 | When the server starts, it creates a Unix-domain socket on which it |
| 73 | listens for administration commands. It also logs warnings and |
| 74 | diagnostic information to the programs connected to its admin socket. |
| 75 | Clients connected to the socket can add new peers, and remove or find |
| 76 | out about existing peers. The textual protocol used to give the |
| 77 | .B tripe |
| 78 | server admin commands is described in |
| 79 | .BR tripe\-admin (5). |
| 80 | A client program |
| 81 | .BR tripectl (1) |
| 82 | is provided to allow commands to be sent to the server either |
| 83 | interactively or by simple scripts. |
| 84 | .SS "Command-line arguments" |
| 85 | If not given any command-line arguments, |
| 86 | .B tripe |
| 87 | will initialize by following these steps: |
| 88 | .hP \*o |
| 89 | It changes directory to |
| 90 | .BR /var/lib/tripe . |
| 91 | .hP \*o |
| 92 | It acquires a UDP socket with an arbitrary kernel-selected port number. |
| 93 | It will use this socket to send and receive all communications with its |
| 94 | peer servers. The port chosen may be discovered by means of the |
| 95 | .B PORT |
| 96 | admin command (see |
| 97 | .BR tripe\-admin (5)). |
| 98 | .hP \*o |
| 99 | It loads the private key with the tag or type name |
| 100 | .B tripe\-dh |
| 101 | from the Catacomb-format file |
| 102 | .BR keyring , |
| 103 | and loads the file |
| 104 | .B keyring.pub |
| 105 | ready for extracting the public keys of peers as they're introduced. |
| 106 | (The format of these files is described in |
| 107 | .BR keyring (5). |
| 108 | They are maintained using the program |
| 109 | .BR key (1) |
| 110 | provided with the Catacomb distribution.) |
| 111 | .hP \*o |
| 112 | It creates and listens to the Unix-domain socket |
| 113 | .BR tripesock . |
| 114 | .PP |
| 115 | Following this, the server enters its main loop, accepting admin |
| 116 | connections and obeying any administrative commands, and communicating |
| 117 | with peers. It also treats its standard input and standard output |
| 118 | streams as an admin connection, reading commands from standard input and |
| 119 | writing responses and diagnostics messages to standard output. |
| 120 | .PP |
| 121 | Much of this behaviour may be altered by giving |
| 122 | .B tripe |
| 123 | suitable command-line options: |
| 124 | .TP |
| 125 | .B "\-h, \-\-help" |
| 126 | Writes a brief description of the command-line options available to |
| 127 | standard output and exits with status 0. |
| 128 | .TP |
| 129 | .B "\-v, \-\-version" |
| 130 | Writes |
| 131 | .BR tripe 's |
| 132 | version number to standard output and exits with status 0. |
| 133 | .TP |
| 134 | .B "\-u, \-\-usage" |
| 135 | Writes a brief usage summary to standard output and exits with status 0. |
| 136 | .TP |
| 137 | .B "\-D, \-\-daemon" |
| 138 | Dissociates from its terminal and starts running in the background after |
| 139 | completing the initialization procedure described above. If running as |
| 140 | a daemon, |
| 141 | .B tripe |
| 142 | will not read commands from standard input or write diagnostics to |
| 143 | standard output. A better way to start |
| 144 | .B tripe |
| 145 | in the background is with |
| 146 | .BR tripectl (1). |
| 147 | .TP |
| 148 | .BI "\-d, \-\-directory=" dir |
| 149 | Makes |
| 150 | .I dir |
| 151 | the current directory, instead of |
| 152 | .BR /var/lib/tripe . |
| 153 | Give a current directory of |
| 154 | .B . |
| 155 | if you don't want it to change directory at all. |
| 156 | .TP |
| 157 | .BI "\-p, \-\-port=" port |
| 158 | Use the specified UDP port for all communications with peers, rather |
| 159 | than an arbitarary kernel-assigned port. |
| 160 | .TP |
| 161 | .BI "\-k, \-\-priv\-keyring=" file |
| 162 | Reads the private key from |
| 163 | .I file |
| 164 | rather than the default |
| 165 | .BR keyring . |
| 166 | .TP |
| 167 | .BI "\-K, \-\-pub\-keyring=" file |
| 168 | Reads public keys from |
| 169 | .I file |
| 170 | rather than the default |
| 171 | .BR keyring.pub . |
| 172 | This can be the same as the private keyring, but that's not recommended. |
| 173 | .TP |
| 174 | .BI "\-t, \-\-tag=" tag |
| 175 | Uses the private key whose tag or type is |
| 176 | .I tag |
| 177 | rather than the default |
| 178 | .BR tripe\-dh . |
| 179 | .TP |
| 180 | .BI "\-a, \-\-admin\-socket=" socket |
| 181 | Accept admin connections to a Unix-domain socket named |
| 182 | .I socket |
| 183 | rather than the default |
| 184 | .BR tripesock . |
| 185 | .TP |
| 186 | .BI "\-T, \-\-trace=" trace-opts |
| 187 | Allows the enabling or disabling of various internal diagnostics. See |
| 188 | below for the list of options. |
| 189 | .SS "Key management" |
| 190 | The TrIPE protocol requires all cooperating hosts to be using keys |
| 191 | with the same group parameters. A suitable group may be created with the |
| 192 | command: |
| 193 | .VS |
| 194 | key add \-adh\-param \-LS \-b2048 \-B256 \e |
| 195 | \-eforever \-tparam tripe\-dh\-param |
| 196 | .VE |
| 197 | This creates a `parameters' key labelled |
| 198 | .B param |
| 199 | in your keyring file: it doesn't contain any secrets. You may vary the |
| 200 | security parameters |
| 201 | .B \-b |
| 202 | and |
| 203 | .B \-B |
| 204 | to taste: the ones given provide good security, at the expense of |
| 205 | performance. Even so, from a cryptographic point of view, these keys |
| 206 | will be the weak point in the security of the system. Generation of the |
| 207 | group parameters can take a few minutes. |
| 208 | .PP |
| 209 | You should extract the parameters from your keyring and distribute them |
| 210 | (securely) to the other administrators. The parameters may be extracted |
| 211 | from your keyring with the command: |
| 212 | .VS |
| 213 | key extract param param |
| 214 | .VE |
| 215 | This may be merged into a keyring with: |
| 216 | .VS |
| 217 | key merge param |
| 218 | .VE |
| 219 | Once your keyring contains the parameters, a suitable key can be created |
| 220 | with the command: |
| 221 | .VS |
| 222 | key add \-adh \-pparam \-e"now + 1 year" tripe\-dh |
| 223 | .VE |
| 224 | This creates a Diffie-Hellman key using the parameters from key |
| 225 | .B param |
| 226 | which expires in one year. The new key has type |
| 227 | .BR tripe\-dh . |
| 228 | |
| 229 | .SS "About the name" |
| 230 | The program's name is |
| 231 | .BR tripe , |
| 232 | all in lower-case. The name of the protocol it uses is `TrIPE', with |
| 233 | four capital letters and one lower-case. The name stands for `Trivial |
| 234 | IP Encryption'. |
| 235 | .SH "BUGS" |
| 236 | It's too easy to deny service during key exchange. If both ends are |
| 237 | honest, they'll notice any interference and resend their packets, but |
| 238 | it's possible to delay successful negotation for as long as desired by |
| 239 | sending bogus key exchange messages. |
| 240 | .PP |
| 241 | The code hasn't been audited. It may contain security bugs. If you |
| 242 | find one, please inform the author |
| 243 | .IR immediately . |
| 244 | .SH "SEE ALSO" |
| 245 | .BR key (1), |
| 246 | .BR tripectl (1), |
| 247 | .BR tripe\-admin (5). |
| 248 | .PP |
| 249 | .IR "The Trivial IP Encryption Protocol" , |
| 250 | .IR "The Wrestlers Protocol" . |
| 251 | .SH "AUTHOR" |
| 252 | Mark Wooding, <mdw@nsict.org> |