Cipe on 2.6.16.15


Cipe on 2.6.16.15

by Beat Rubischon-2

Hello!

Today I tried to upgrade a Debian Sarge based cipe concentrator from 2.6.8
to 2.6.16.15 and got several failures while compiling cipe. There are some
changes in the CVS and patches on SourceForge, but none of them helped.

I understand some C, but fixing those bugs will be more than I'm able to do
;-)

Are there any plans to continue working on cipe? Should I invest time in
debugging or should I switch to a different VPN protocol?

Beat

--
     \|/                           Beat Rubischon <beat@...>
   ( 0^0 )                             http://www.0x1b.ch/~beat/
oOO--(_)--OOo---------------------------------------------------
My experiences, thoughts and dreams: http://www.0x1b.ch/blog/



--
Message sent by the cipe-l@... mailing list.
Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html>

Re: Cipe on 2.6.16.15

by Joachim Otahal

I did use cipe quite a long time too, but due to the missing working
Windows client I had to switch to openvpn.
You will be surprised how easy the setup is if you start with a fixed
key and a tun (or, on Windows as server, tap) device.
OpenVPN supports stronger encryption and has as yet no "by design" security
problem like cipe has, and has fewer problems with lossy connections.
http://openvpn.net/
static key mini howto
http://openvpn.net/static.html

A "complete and working" server config for "tun" with 192.168.52.24 as
transfer net (a must for Windows clients) connecting 192.168.0.* with
192.168.1.*:

dev tun01
ifconfig 192.168.52.25 192.168.52.26
route-gateway 192.168.52.26
route 192.168.52.24 255.255.255.252
route 192.168.1.0 255.255.255.0
secret /etc/openvpn/static01.key
; compression
comp-lzo
; Hold tunnel with more strength
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
; when run as daemon drop rights
user nobody
group nobody
daemon

The client config (Linux or Windows - doesn't matter, same config, just
the key location changes):

remote -ip-of-remote-or-some-dyndns-name
dev tun01
ifconfig 192.168.52.26 192.168.52.25
route-gateway 192.168.52.25
route 192.168.52.24 255.255.255.252
route 192.168.0.0 255.255.255.0
secret /etc/openvpn/static01.key
; compression
comp-lzo
; Hold tunnel with more strength
keepalive 10 60
ping-timer-rem
persist-tun  
persist-key

That is all!
BTW: Quite some code of cipe for Windows made its way into the openvpn
win32 tunnel driver.
Cipe was the first good simple-config-quite-secure-tunnel program, but
openvpn is now superior in many ways.

Jou

Beat Rubischon wrote:
> Hello!
>
> Today I tried to upgrade a Debian Sarge based cipe concentrator from 2.6.8
> to 2.6.16.15 and got several failures while compiling cipe. There are some
> changes in the CVS and patches on SourceForge, but none of them helped.
>
> I understand some C, but fixing those bugs will be more than I'm able
> to do ;-)
>
> Are there any plans to continue working on cipe? Should I invest time in
> debugging or should I switch to a different VPN protocol?
>
> Beat


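A consistency check for a pair of static-key point-to-point configs of the kind posted in the message above, as an added example that is not part of the original thread. The helper names `parse` and `check_pair` are hypothetical, and the two sample configs are constructed, with two address mistakes placed in the client side so the check has something to report.

```python
import ipaddress

# Constructed sample input: an abridged peer pair in the style of the post,
# with a wrong route-gateway and a route with host bits set on the client.
SERVER = """\
dev tun01
ifconfig 192.168.52.25 192.168.52.26
route-gateway 192.168.52.26
route 192.168.1.0 255.255.255.0
secret /etc/openvpn/static01.key
"""
CLIENT = """\
dev tun01
ifconfig 192.168.52.26 192.168.52.25
route-gateway 192.168.252.25
route 192.168.52.25 255.255.255.252
route 192.168.0.0 255.255.255.0
secret /etc/openvpn/static01.key
"""

def parse(text):
    """Return {directive: [argument lists]}, skipping ';' and '#' comments."""
    conf = {}
    for line in text.splitlines():
        words = line.split()
        if words and words[0][0] not in ";#":
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def check_pair(a_text, b_text):
    """List mismatches between two point-to-point static-key peer configs."""
    a, b = parse(a_text), parse(b_text)
    problems = []
    for name, me, peer in (("A", a, b), ("B", b, a)):
        local, remote = me["ifconfig"][0]
        if [remote, local] != peer["ifconfig"][0]:
            problems.append(f"{name}: ifconfig is not the mirror of the peer's")
        for gw in me.get("route-gateway", []):
            if gw[0] != remote:
                problems.append(f"{name}: route-gateway {gw[0]} is not peer {remote}")
        for net, mask in me.get("route", []):
            try:
                ipaddress.ip_network(f"{net}/{mask}")  # strict: rejects host bits
            except ValueError:
                problems.append(f"{name}: route {net} {mask} has host bits set")
        if "secret" not in me:
            problems.append(f"{name}: no static key configured")
    return problems
```

Running `check_pair(SERVER, CLIENT)` reports both client-side mistakes; a tunnel that comes up but routes nothing is the usual symptom of either one.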

Re: Cipe on 2.6.16.15

by Karl Kleinpaste

Beat Rubischon <beat@...> writes:
> Should I invest time in
> debugging or should I switch to a different VPN protocol?

(b)

Take a look at www.openvpn.net.  I've ended my use of CIPE entirely.
It served me well for a decade, but its time is past.


Re: Cipe on 2.6.16.15

by Peter van den Heuvel

> Cipe was the first good simple-config-quite-secure-tunnel program, but
> openvpn is now superior in many ways.
Cipe and OpenVpn are quite different things. Cipe is well geared for
equal-role server-to-server networks in a mesh configuration where you
would typically use routing protocols like iBGP, OSPF or IS-IS. OpenVpn
seems to work quite well where you want to connect clients to a server.

I find it impossible (at this stage) to replace cipe with anything.

--
Regards, Peter



Re: Cipe on 2.6.16.15

by Joachim Otahal

Peter van den Heuvel wrote:
>> Cipe was the first good simple-config-quite-secure-tunnel program,
>> but openvpn is now superior in many ways.
> Cipe and OpenVpn are quite different things. Cipe is well geared for
> equal-role server-to-server networks in a mesh configuration where you
> would typically use routing protocols like iBGP, OSPF or IS-IS.
> OpenVpn seems to work quite well where you want to connect clients to
> a server.
>
> I find it impossible (at this stage) to replace cipe with anything.
Even at the risk of a "religious" war:
That is exactly how I use openvpn, connecting a few servers only for
their own mail exchange + depending on the location connecting the whole
subnet of the location to the other office. By definition the setup for
openvpn defines a server or client, but this is only a "who initiates
the first connection" decision; after the connect I don't see much
difference, the config files look nearly identical. I will never use
cipe again for any new setup.
But I agree that a good working cipe setup doesn't really need to be
exchanged. Or some cannot be exchanged due to the age of the machine and
OS install.

Jou


Re: Cipe on 2.6.16.15

by Karl Kleinpaste

Peter van den Heuvel <peter@...> writes:
> Cipe is well geared for
> equal-role server-to-server networks in a mesh configuration where you
> would typically use routing protocols like iBGP, OSPF or
> IS-IS. OpenVpn seems to work quite well where you want to connect
> clients to a server.
> I find it impossible (at this stage) to replace cipe with anything.

Considering that I replaced my first CIPE peering configuration with
OpenVPN in less than an hour (once I finally got around to
experimenting with it), I can't agree with you.

The addressing, gateways, static key management, and other details are
in effect identical; only the config file syntax is different.  There
is no reason why anything that used to involve "cipcb0" cannot now use
"tun0".  And I no longer have to deal with separating configuration
details from things like CIPE's ip-up script -- it's all in the one
configuration file, including gateway setting and so forth.

I have yet to deploy OpenVPN in a server-with-many-clients
environment, simply because I haven't needed it.  But for peering
configurations, it is network-equivalent to CIPE.
