CIPE - Crypto IP Encapsulation

Note: After many years in productive use, this has finally gotten obsolete. It was not updated to work with newer Linux kernels for a long time, and today other alternatives exist. I recommend (and use myself) OpenVPN instead.

This is an old project to build encrypting IP routers. It works by tunneling IP packets in encrypted UDP packets. The protocol is designed to be lightweight and simple. Special care has been taken to make this work over dynamic addresses, NAT and SOCKS proxies.

Implementations are currently available for Linux and Windows. The Windows stuff is being developed by Damion K. Wilson and can be found on the CIPE for Windows site.

Software

CVS archive and probably more stuff can now be found on the CIPE Project homepage at

Current stable release: 1.6.0

CIPE 1.6.0 (138k, tar.gz)
CIPE 1.5.4 (138k, tar.gz)
rrouted - user-space replacement for Linux 2.0's request-route (15k, C)
The Blowfish cipher implementation as used in CIPE. (These files are included in the CIPE package too, this separate tarball is for the convenience of people who want to use it in other projects.) (12k, tar.gz (C/i386-asm))

The Linux CIPE project is released under the GNU General Public License.

Documentation

CIPE FAQ page
Documentation for the Linux package in HTML format
Hints on making CIPE work on MIPS. (Applies to 1.3.0)
An explanation why PPP over SSH and similar solutions are not a good idea.
The protocol description for CIPE. An up-to-date version of this is also in the texinfo documentation.

Bug alerts

2002-01-07 Crasher in all previous versions [IMPORTANT PATCH]
2001-02-11 1.5.0 and pre-1.5.0 snapshots broken [IMPORTANT PATCH]
2001-02-11 tokxc option does not work in 1.2.0 through 1.4.5

Development history

These are the release numbers and development branches:

Release 1.0: This version is obsolete. It supported CIPE protocol 3 and only Linux 2.0.x.
Release 1.1: Matthew Grant has contributed a modified version of 0.5.6 that emulates an Ethernet interface and can run IPX and Appletalk over it. As this is an incompatible protocol it gets protocol number 4. Note: there is no real documentation on 1.1. Linux 2.0 only.
Release 1.2, 1.3: CIPE 1.2 and 1.3 supports Linux 2.0 through 2.2, and CIPE protocol version 3. Obsolete.
Release 1.4: This supports CIPE protocol 3 and all Linux versions from 2.0 through 2.4 (support for the 2.3/2.4 series was developed and tested from 2.3.48 through 2.4.0-test8).
Release 1.5: CIPE 1.5 brings back protocol 4 for newer Linux kernels and it is even possible to run an Ethernet bridge over CIPE (under 2.4 or using the bridge patches for 2.2).
CIPE 1.5 also contains the first version of PKCIPE.
Release 1.6: This supports Linux 2.6 and the kernel crypto API.

Note that the release numbering has nothing to do with the Linux versioning model. 1.1 is a branch parallel to 1.0, the rest are plain old consecutive stable releases.

Current development

It is planned to put additional functionality into PKCIPE, and make ciped independent of the module.

Access to latest code via CVS

The current development source can be checked out from the CVS repository. The following commands are needed:

cvs -d:pserver:anonymous@cvs.cipe-linux.sourceforge.net:/cvsroot/cipe-linux login

Give a blank password, then proceed with

cvs -d:pserver:anonymous@cvs.cipe-linux.sourceforge.net:/cvsroot/cipe-linux co cipe-linux

Older releases

CIPE 1.0.1 - texinfo
CIPE 1.1.0
CIPE 1.2.0 - texinfo
CIPE 1.3.0 - texinfo
CIPE 1.4.6 - texinfo

Mailing list

There used to be a mailing list for this package, but is has been discontinued.

An archive of the list is available on the web at http://sites.inka.de/bigred/archive/cipe-l/.