         _____    ___ ____  _____
        |_   _| _|_ _|  _ \| ____|
          | || '__| || |_) |  _|
          | || |  | ||  __/| |___
          |_||_| |___|_|   |_____|

        Trivial IP Encryption


* Brief introduction

** What TrIPE does

TrIPE is a fairly simple network protocol for securely transferring IP
packets over hostile networks, using cryptography to ensure their
secrecy and authenticity.  It is used to construct `virtual private
networks', which securely connect geographically separated hosts and
physical networks into a single virtual network.  The name stands for
`Trivial IP Encryption'.

The tripe suite, of which this file is part, consists of a server which
implements this protocol, together with a number of utilities, scripts
and ancillary services which assist in configuring and maintaining the
server.

** Supported operating systems

The main server ought to build on more or less any Unix-like operating
system.  The author only has Linux readily to hand, so it doesn't get
tested much on other systems, but porting should be easy.  The only
nonportable aspect is the use of tunnel interfaces, though the server
can fall back to using SLIP, which almost every Unix ought to be able to
cope with.  There is code already for dealing with Linux's TUN/TAP
driver, and *BSD's tunnels (and an obsolete tun-like device the author
wrote for Linux a long time ago).  If other systems have similar
devices, it should be easy to add support.

A Windows port is a more daunting prospect.  The author is currently
considering a lash-up port using Cygwin and the OpenVPN Win32-tun
driver, but hasn't started work.

Other parts of the system are a bit more Linux-specific.  For example,
the interface configuration script `tripe-ifup' exists only in a
Linux-specific version.  (Writing a new version for some other system is
very straightforward, though.)  The `pathmtu' utility is more
problematic: I don't know how to do this well for *BSD, for example.
Contributions are welcome!

** Licence

The TrIPE suite is free software.  You may modify and/or redistribute
it, under the terms of the GNU General Public License, either version 2
or, at your option, any later version.  There should be a copy of this
licence included in the source distribution.  Pre-built binary packages,
e.g., for Debian GNU/Linux, may not include it, on the assumption that
Debian already has a copy in /usr/share/common-licenses/GPL-2.

There are no restrictions on the use of the network protocol.

** Finding out more

There is fairly extensive documentation on the various components of the
TrIPE suite.  The tripe.7 manpage aims to provide an overview of the
system, so it may be a good place to start reading.

* Building the tripe suite from a source distribution

** Prerequisites

In order to compile the tripe suite, you must have a number of other
packages already installed.

        Package name      Version   Needed for

        mLib              2.5.0     S K V M +
        Catacomb          2.1.0     S K
        Python            2.4         K V M
        mLib-Python       1.0.0         V M
        Catacomb-Python   1.0.0       K
        PyGTK             2.12.0          M
        python-cdb        0.32          V

        Key:
          S: server (you really need this)
          K: key management utility
          V: peer connection services
          M: graphical monitor
          +: various other utilities

The mLib and Catacomb libraries, and their Python bindings, are probably
available from the same place you found this.

** Building and installing

The source distribution should contain a `configure' script.  In theory,
it should be sufficient to run

        $ ./configure
        $ make
        $ make check
        $ sudo make install

(or use your preferred means of attaining superuser privileges).  If you
don't want to clutter the source tree with object files, change to a
clean directory and run

        $ SRCDIR/configure
        $ make

etc., where SRCDIR is where you put the sources.

The configure script should make sensible choices about the tunnel
devices available on your system.  If it doesn't, you can force its hand
by saying something like

        $ ./configure --with-tunnel="linux slip"

There are also configure-time options for choosing default directories
and filenames (e.g., where to find configuration files, where to write
logs).  These can all be overridden using command line options if
necessary.

For full details about the configure-time options, run

        $ ./configure --help

A script to start and stop the server is generated as part of the build,
as init/tripe-init.  If you have a System V-style init, you can drop
this script into /etc/init.d (or your equivalent), and link it into the
relevant /etc/rc.d directories.

** Building from Git

This section is mainly relevant to those who wish to participate in
TrIPE development.  If you just want to use the tripe suite, you're
probably best off using a source distribution tarball.

The author maintains the tripe sources using Git.  The files checked
into Git omit many files provided in distribution tarballs, because
they're really maintained in separate projects.  The first thing you
need to do, then, is reconstruct these files.  You need the following:

        cfd                1.3.4
        Autoconf           2.61
        Automake           1.8
        Autoconf-archive   2007-05-12

Make sure that the `aclocal' program can find the macros in the Autoconf
archive.  Then run

        $ mdw-setup

This ought, magically, to construct the `configure' script and all the
Makefile.in files.  You should now be able to build the system as if you
had a source distribution.

The only thing which will still be missing is the `RELEASE' file, which
just contains the package version number.  Instead, tripe's build system
will work this out by looking at your Git repository.

* Contacting the author

If you want to complain about bugs, build problems, or missing
features, or suggest improvements, or ask about how things work, send
email to

        Mark Wooding <mdw@distorted.org.uk>

Currently there is no mailing list for discussion of TrIPE development.
If there seems to be sufficient interest, I'll set one up.