CIPE can be configured in numerous ways, from passing parameters as command-line arguments when starting ciped to generating new shared static keys. This gives a security administrator the flexibility to customize CIPE sessions to ensure security as well as increase productivity. The following table details some of the command-line parameters for the ciped daemon.

| Note |
|---|
| The most common parameters should be placed in the /etc/cipe/options.cipcbx file for automatic loading at runtime. Be aware that any parameters passed at the command line as options will override respective parameters set in the /etc/cipe/options.cipcbx configuration file. |

| Parameter | Description |
|---|---|
| arg | Passes arguments to the /etc/cipe/ip-up initialization script |
| cttl | Sets the Carrier Time To Live (TTL) value; recommended value is 64 |
| debug | Boolean value to enable debugging |
| device | Names the CIPE device |
| ipaddr | Publicly-routable IP address of the CIPE machine |
| ipdown | Choose an ip-down script other than the default /etc/cipe/ip-down |
| ipup | Choose an ip-up script other than the default /etc/cipe/ip-up |
| key | Specifies a shared static key for CIPE connection |
| maxerr | Number of errors allowable before the CIPE daemon quits |
| me | UDP address of the CIPE machine |
| mtu | Set the device maximum transfer unit |
| nokey | Do not use encryption |
| peer | The peer's CIPE UDP address |
| ping | Set CIPE-specific (non-ICMP) keepalive ping interval |
| socks | IP address and port number of the SOCKS server for proxy connections |
| tokey | Set dynamic key lifetime; default is 10 minutes (600 seconds) |
| tokxc | Timeout value for shared key exchange; default is 10 seconds |
| tokxts | Shared key exchange timestamp timeout value; default is 0 (no timestamps) |
| toping | Timeout value for keepalive pings; default is 0 |

Table 6-1. CIPE Parameters
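
Because command-line options override the options file, the file alone does not show what ciped actually runs with. The following is an added example, not part of the original guide, that merges a constructed options file with command-line options and reports `nokey`, a missing `key`, a key exposed on the command line, and overridden values. The `name value` file syntax, the `name=value` command-line syntax, the function names and the sample values are assumptions.

```python
# Assumed syntax (not given on the page): options file lines are "name value"
# with '#' comments; command-line options are "name=value"; a bare name is a flag.
def parse_file(text):
    opts = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if fields:
            opts[fields[0]] = fields[1].strip() if len(fields) > 1 else "yes"
    return opts

def parse_argv(argv):
    opts = {}
    for arg in argv:
        name, _, value = arg.partition("=")
        opts[name] = value or "yes"
    return opts

def is_on(opts, name):
    return opts.get(name, "no").lower() in ("yes", "true", "on", "1")

def audit(file_text, argv=()):
    """Return findings for the configuration ciped would actually run with."""
    from_file, from_cli = parse_file(file_text), parse_argv(argv)
    effective = {**from_file, **from_cli}      # command line overrides the file
    findings = []
    if is_on(effective, "nokey"):
        findings.append("nokey is set: traffic is not encrypted")
    elif not effective.get("key"):
        findings.append("no key set and nokey not given")
    if "key" in from_cli:
        findings.append("key given on the command line: visible in the process list")
    for name in sorted(set(from_file) & set(from_cli)):
        if from_file[name] != from_cli[name]:
            findings.append(f"{name}: file value overridden on the command line")
    return findings

# Constructed sample input; the key is a placeholder, not a real key.
SAMPLE_FILE = """\
# /etc/cipe/options.cipcbx
device  cipcb0
cttl    64
maxerr  8
key     PLACEHOLDER-SHARED-KEY   # placeholder
"""

if __name__ == "__main__":
    for argv in ([], ["nokey"], ["key=OTHER-PLACEHOLDER", "cttl=32"]):
        print(argv, "->", audit(SAMPLE_FILE, argv))
```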