6.2. Crypto IP Encapsulation (CIPE)

CIPE is a VPN implementation developed primarily for Linux. CIPE uses encrypted IP packets that are encapsulated, or wrapped, in datagram (UDP) packets. CIPE packets are given destination header information and are encrypted using the default CIPE encryption mechanism. The packets are then sent over IP as UDP packets through the CIPE virtual network device (cipcbx), across a carrier network, to the intended remote node. Figure 6-1 shows a typical CIPE setup connecting two Linux-based networks:

Figure 6-1. A Network and Remote Client Connected by CIPE

This diagram shows a network running CIPE on the firewall, and a remote client machine acting as a CIPE-enabled node. The CIPE connection acts as a tunnel through which all Intranet-bound data is routed between remote nodes. All data is encrypted using dynamically generated 128-bit keys and can be further compressed for large file transfers or to tunnel X applications to a remote host. CIPE can be configured for communication between two or more CIPE-enabled Linux machines and has network drivers for Win32-based operating systems.