How To Configure a VPN With CIPE
This document shows how to set up a Virtual Private Network between your LAN and other LANs using CIPE on Linux masquerading firewall machines. It also shows an example masquerading firewall configuration.
Additional information - Important!!!
The folder /etc/cipe must have permission 700 (drwx------) and the option file must have 600 (-rw-------); otherwise CIPE will not work at all :-). Moreover, the owner of those files must be root.
There is a CIPE configuration problem in RH7.3, and maybe in other releases as well. If you use "Network Configuration" (/usr/sbin/neat) to add a CIPE interface that you want to set up in server mode (Remote Peer Address - PEER=0.0.0.0), the generated /etc/sysconfig/networking/devices/ifcfg-cipcbX file is INCOMPLETE and will not work!!! You will not receive an error code; it just does not work. Everything looks OK, but it isn't, because cipe does not listen for connections on your local address even if you typed it correctly in the configuration dialog box. To work properly, your file (ifcfg-cipcbX) must look similar to the example below (except for your own settings such as IP and port number, of course). You must add a new line ME='your_real_IP' to ifcfg-cipcbX, as in the following example:
USERCTL='no'
DEVICE='cipcbX'        # your cipe interface
TYPE='CIPE'
ONBOOT='yes'           # "no" if you don't want to activate on boot
ME='10.0.0.1'          # this line must be inserted by
                       # hand if this file was generated by "neat" (the
                       # RH Network Configuration frontend tool)
MYPORT='9999'          # the local cipe port
PEER='0.0.0.0'         # leave it 0.0.0.0 if you want to work on all IP addresses
IPADDR='192.168.0.1'   # the local cipe address
PTPADDR='192.168.0.2'  # the remote cipe address
This bug will not affect your configuration file if you do not use the Remote Peer Address = 0.0.0.0 (PEER=0.0.0.0 line in ifcfg-cipcbX) or set the Remote Peer Address to Auto (the auto checkbox checked).
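An added example, not part of the original page: a shell audit of the two conditions described above (the root-owned 700/600 permissions, and PEER=0.0.0.0 without an ME line). It assumes GNU stat and that the option files in /etc/cipe match the pattern options*; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat (Linux).
# Function names and the options* file pattern are assumptions.

# get_val FILE KEY: print KEY's value from a KEY='value' file without sourcing it.
get_val() {
  sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_mode PATH MODE [UID]: succeed only if PATH has exactly MODE and owner UID (0 = root).
check_mode() {
  want="$2 ${3:-0}"
  actual=$(stat -c '%a %u' "$1") || return 2
  [ "$actual" = "$want" ] && return 0
  echo "BAD: $1 is '$actual' (mode uid), want '$want'"
  return 1
}

# check_ifcfg FILE: fail if PEER is 0.0.0.0 but the ME= line is missing.
check_ifcfg() {
  peer=$(get_val "$1" PEER)
  me=$(get_val "$1" ME)
  [ "$peer" != "0.0.0.0" ] && return 0
  [ -n "$me" ] && return 0
  echo "BAD: $1 has PEER=0.0.0.0 but no ME= line, cipe will not listen"
  return 1
}

# audit_cipe [CIPE_DIR] [IFCFG_DIR] [UID]: run every check, return 1 if any failed.
audit_cipe() {
  dir=${1:-/etc/cipe}; devs=${2:-/etc/sysconfig/networking/devices}; uid=${3:-0}; rc=0
  check_mode "$dir" 700 "$uid" || rc=1
  for f in "$dir"/options*; do          # option files must be 600
    [ -f "$f" ] || continue
    check_mode "$f" 600 "$uid" || rc=1
  done
  for f in "$devs"/ifcfg-cipcb*; do     # interface files written by neat
    [ -f "$f" ] || continue
    check_ifcfg "$f" || rc=1
  done
  return "$rc"
}

# Run as root with the cipe directory as argument, e.g.:  sh audit.sh /etc/cipe
if [ "$#" -gt 0 ]; then audit_cipe "$@"; fi
```

The script only reads the files; it reports each failed condition on its own line and exits non-zero if any check failed.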