6.7. Customizing CIPE

CIPE can be configured in numerous ways, from passing parameters as command line arguments when starting ciped to generating new shared static keys. This allows a security administrator the flexibility to customize CIPE sessions to ensure security as well as increase productivity.

NoteNote
 

The most common parameters should be placed in the /etc/cipe/options.cipcbx file for automatic loading at runtime.

Be aware that any parameters passed at the command line as options will override respective parameters set in the /etc/cipe/options.cipcbx configuration file.

Table 6-1 details some of the command-line parameters when running the ciped daemon.

ParameterDescription
argPasses arguments to the /etc/cipe/ip-up initialization script
cttlSets the Carrier Time To Live (TTL) value; recommended value is 64
debugBoolean value to enable debugging
deviceNames the CIPE device
ipaddrPublicly-routable IP address of the CIPE machine
ipdownChoose an alternate ip-down script than the default /etc/cipe/ip-down
ipupChoose an alternate ip-up script than the default /etc/cipe/ip-up
keySpecifies a shared static key for CIPE connection
maxerrNumber of errors allowable before the CIPE daemon quits
meUDP address of the CIPE machine
mtuSet the device maximum transfer unit
nokeyDo not use encryption
peerThe peer's CIPE UDP address
pingSet CIPE-specific (non-ICMP) keepalive ping interval
socksIP address and port number of the SOCKS server for proxy connections
tokeySet dynamic key lifetime; default is 10 minutes (600 seconds)
tokxcTimeout value for shared key exchange; default is 10 seconds
tokxtsShared key exchange timestamp timeout value; default is 0 (no timestamps)
topingTimeout value for keepalive pings; default is 0

Table 6-1. CIPE Parameters