SETTING UP TRIPE FOR DEBIAN GNU/LINUX

Firstly, you need to set up public key parameters. To generate
a new set, run

    # cd /etc/tripe
    # key add -adh-param -LS -b2048 -B256 -eforever \
        -tparam tripe-dh-param
    # key extract param param

(Feel free to twiddle these settings. Read key(1) for details
about the various options.) You can now copy the file `param'
to the other hosts which will participate in the VPN. If you
already have a `param' file from this procedure, you should
copy it into /etc/tripe and run

    # key merge param

instead.

Now, generate a public key. Before you can do this, you'll need
to give this host a name. Let's say we've chosen `alice' as the
name. Run

    # key add -adh -pparam -talice -e"now + 1 year" tripe-dh
    # key extract -f-secret alice.pub alice
    # key -kkeyring.pub merge alice.pub

Now copy `alice.pub' to the other hosts, and run the `key merge'
command on each of them. Also merge the keys from the other
hosts into alice's `keyring.pub' file.

Finally, you need to write a script in /etc/tripe/peers for each
peer you want to communicate with. The following template works
OK.

    #! /bin/sh

    set -e

    PEER=...            # The peer's name
    PEERADDR=...        # Peer's publicly-routable address
    PEERPORT=4070       # Port peer is listening on
    LOCAL=...           # My address for point-to-point
    REMOTE=...          # His address for point-to-point
    RNET=...            # Remote network address
    RMASK=...           # Netmask of remote network

    tripectl add $PEER $PEERADDR $PEERPORT
    ifname=`tripectl ifname $PEER`
    ifconfig $ifname $LOCAL pointopoint $REMOTE mtu 1429
    route add -net $RNET netmask $RMASK gw $REMOTE
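
A pre-flight check for the settings in the peer script template above,
as an added example that is not part of the original README or of TrIPE:
it rejects unfilled `...' placeholders, values that could be read as
options, an out-of-range port, and an RNET/RMASK pair that does not
describe a network. The function names, the character set allowed for
PEER and PEERADDR, the IPv4-only address check and the sample values are
assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the settings of a /etc/tripe/peers
# script. Function names and the accepted name characters are assumptions.

fail() { echo "peer settings: $*" >&2; return 1; }

# token VALUE: filled in (not the template's "..."), not option-like, plain chars.
token() {
    case $1 in '' | '...' | -* | *[!A-Za-z0-9._-]*) return 1 ;; esac
}

# ip_to_int ADDR: print a dotted-quad IPv4 address as an integer, or fail.
ip_to_int() {
    case $1 in '' | *[!0-9.]* | .* | *. | *..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????* | 0?*) return 1 ;; esac   # too long / leading zero
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_peer PEER PEERADDR PEERPORT LOCAL REMOTE RNET RMASK
check_peer() {
    [ $# -eq 7 ] || fail "expected 7 settings, got $#" || return 1
    token "$1" || fail "PEER is unset or unsafe" || return 1
    token "$2" || fail "PEERADDR is unset or unsafe" || return 1
    case $3 in '' | *[!0-9]* | 0* | ??????*) fail "PEERPORT is not a port"; return 1 ;; esac
    [ "$3" -le 65535 ] || fail "PEERPORT is out of range" || return 1
    local_ip=$(ip_to_int "$4") || fail "LOCAL is not an IPv4 address" || return 1
    remote_ip=$(ip_to_int "$5") || fail "REMOTE is not an IPv4 address" || return 1
    [ "$local_ip" -ne "$remote_ip" ] || fail "LOCAL equals REMOTE" || return 1
    net=$(ip_to_int "$6") || fail "RNET is not an IPv4 address" || return 1
    mask=$(ip_to_int "$7") || fail "RMASK is not an IPv4 netmask" || return 1
    inv=$(( ~$mask & 0xFFFFFFFF ))          # host bits of the mask
    # A contiguous mask leaves inv as 2^k - 1, so inv and inv+1 share no bits.
    [ $(( inv & (inv + 1) )) -eq 0 ] || fail "RMASK is not contiguous" || return 1
    # route add -net wants a network address: no host bits set under the mask.
    [ $(( net & inv )) -eq 0 ] || fail "RNET has host bits set" || return 1
}

# Constructed sample values (documentation and private address ranges).
check_peer bob 192.0.2.7 4070 10.0.1.1 10.0.1.2 10.0.2.0 255.255.255.0 &&
    echo "peer settings look sane"
```

In a peer script, the functions would be defined after the settings and
`check_peer' called with the seven variables, each double-quoted, before
the `tripectl add' line, so that `set -e' stops the script on a bad value.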