6.4. CIPE Installation

The installation of CIPE is equivalent to installing a network interface under Linux. The cipe RPM package contains configuration files found in /etc/cipe/, the CIPE daemon (/usr/sbin/ciped-cb), network scripts that load the kernel module and activates/deactivates the CIPE interface (if*-cipcb), and sample configuration files found in /usr/share/doc/cipe-<version>/samples/. There is also a detailed texinfo page explaining the CIPE protocol and various implementation details.

The following guide details a sample configuration involving a workstation client that wants to connect securely to a remote LAN with a CIPE gateway. The workstation uses a dynamic IP address from a cable modem connection, while the CIPE-enabled gateway machine employs the 192.168.1.0/24 range. This is what is known as a "typical" CIPE configuration. Figure 6-1 illustrates the typical CIPE setup.

Installing CIPE between the client and the CIPE server allows for a secured peer-to-peer connection using the Internet as a medium for transmission of WAN traffic. The client workstation then transfers a file through the Internet to the CIPE-enabled firewall, where each packet will be timestamped and given the peer address of the receiving CIPE-enabled firewall. The destination firewall then reads the header information, strips it, and sends it through to the remote LAN router to be then routed to its destination node. This process is seamless and completely transparent to end users. The majority of the transaction is done between the CIPE-enabled peers.