CIPE - Crypto IP Encapsulation
Note: After many years in productive use, this has finally
gotten obsolete. It was not updated to work with newer Linux kernels
for a long time, and today other alternatives exist. I recommend (and
use myself) OpenVPN instead.
This is an old project to build encrypting IP routers. It works by tunneling IP packets in encrypted UDP packets. The protocol is designed to be lightweight and simple. Special care has been taken to make this work over dynamic addresses, NAT and SOCKS proxies.
Implementations are currently available for Linux and Windows. The Windows stuff is being developed by Damion K. Wilson and can be found on the CIPE for Windows site.
Software
CVS archive and probably more stuff can now be found on the CIPE Project homepage atCurrent stable release: 1.6.0
- CIPE 1.6.0 (138k, tar.gz)
- CIPE 1.5.4 (138k, tar.gz)
- rrouted - user-space replacement for Linux 2.0's request-route (15k, C)
- The Blowfish cipher implementation as used in CIPE. (These files are included in the CIPE package too, this separate tarball is for the convenience of people who want to use it in other projects.) (12k, tar.gz (C/i386-asm))
The Linux CIPE project is released under the GNU General Public License.
Documentation
- CIPE FAQ page
- Documentation for the Linux package in HTML format
- Hints on making CIPE work on MIPS. (Applies to 1.3.0)
- An explanation why PPP over SSH and similar solutions are not a good idea.
- The protocol description for CIPE. An up-to-date version of this is also in the texinfo documentation.
Bug alerts
- 2002-01-07 Crasher in all previous versions [IMPORTANT PATCH]
- 2001-02-11 1.5.0 and pre-1.5.0 snapshots broken [IMPORTANT PATCH]
- 2001-02-11 tokxc option does not work in 1.2.0 through 1.4.5
Development history
These are the release numbers and development branches:- Release 1.0
- This version is obsolete. It supported CIPE protocol 3 and only Linux 2.0.x.
- Release 1.1
- Matthew Grant has contributed a modified version of 0.5.6 that emulates an Ethernet interface and can run IPX and Appletalk over it. As this is an incompatible protocol it gets protocol number 4. Note: there is no real documentation on 1.1. Linux 2.0 only.
- Release 1.2, 1.3
- CIPE 1.2 and 1.3 supports Linux 2.0 through 2.2, and CIPE protocol version 3. Obsolete.
- Release 1.4
- This supports CIPE protocol 3 and all Linux versions from 2.0 through 2.4 (support for the 2.3/2.4 series was developed and tested from 2.3.48 through 2.4.0-test8).
- Release 1.5
- CIPE 1.5 brings back protocol 4 for
newer Linux kernels and it is even possible to run an
Ethernet bridge over CIPE (under 2.4 or using the bridge
patches for 2.2).
CIPE 1.5 also contains the first version of PKCIPE. - Release 1.6
- This supports Linux 2.6 and the kernel crypto API.
Current development
It is planned to put additional functionality into PKCIPE, and make ciped independent of the module.
Access to latest code via CVS
The current development source can be checked out from the CVS repository. The following commands are needed:cvs -d:pserver:anonymous@cvs.cipe-linux.sourceforge.net:/cvsroot/cipe-linux loginGive a blank password, then proceed with
cvs -d:pserver:anonymous@cvs.cipe-linux.sourceforge.net:/cvsroot/cipe-linux co cipe-linux
Mailing list
There used to be a mailing list for this package, but is has been discontinued.An archive of the list is available on the web at http://sites.inka.de/bigred/archive/cipe-l/.