SETTING UP TRIPE FOR DEBIAN GNU/LINUX Firstly, you need to set up public key parameters. To generate a new set, run # cd /etc/tripe # key add -adh-param -LS -b2048 -B256 -eforever \ -tparam tripe-dh-param # key extract param param (Feel free to twiddle these settings. Read key(1) for details about the various options.) You can now copy the file `param' to the other hosts which will participate in the VPN. If you already have a `param' file from this procedure, you should copy it into /etc/tripe and run # key merge param instead. Now, generate a public key. Before you can do this, you'll need to give this host a name. Let's say we've chosen `alice' as the name. Run # key add -adh -pparam -talice -e"now + 1 year" tripe-dh # key extract -f-secret alice.pub alice # key -kkeyring.pub merge alice.pub Now copy `alice.pub' to the other hosts, and run the `key merge' command on each of them. Also merge the keys from the other hosts into alice's `keyring.pub' file. Finally, you need to write a script in /etc/tripe/peers for each peer you want to communicate with. The following template works OK. #! /bin/sh set -e PEER=... # The peer's name PEERADDR=... # Peer's publicly-routable address PEERPORT=4070 # Port peer is listening on LOCAL=... # My address for point-to-point REMOTE=... # His address for point-to-point RNET=... # Remote network address RMASK=... # Netmask of remote network tripectl add $PEER $PEERADDR $PEERPORT ifname=`tripectl ifname $PEER` ifconfig $ifname $LOCAL pointopoint $REMOTE mtu 1429 route add -net $RNET netmask $RMASK gw $REMOTE