CIPE can be configured in numerous ways, from passing parameters as command-line arguments when starting ciped to generating new shared static keys. This gives a security administrator the flexibility to customize CIPE sessions to ensure security as well as increase productivity.

Note: The most common parameters should be placed in the /etc/cipe/options.cipcbx file for automatic loading at runtime. Be aware that any parameters passed at the command line as options will override the corresponding parameters set in the /etc/cipe/options.cipcbx configuration file.

Table 6-1 details some of the command-line parameters when running the ciped daemon.
Parameter | Description |
---|---|
arg | Passes arguments to the /etc/cipe/ip-up initialization script |
cttl | Sets the Carrier Time To Live (TTL) value; recommended value is 64 |
debug | Boolean value to enable debugging |
device | Names the CIPE device |
ipaddr | Publicly-routable IP address of the CIPE machine |
ipdown | Chooses an alternate ip-down script instead of the default /etc/cipe/ip-down |
ipup | Chooses an alternate ip-up script instead of the default /etc/cipe/ip-up |
key | Specifies a shared static key for CIPE connection |
maxerr | Number of errors allowable before the CIPE daemon quits |
me | UDP address of the CIPE machine |
mtu | Set the device maximum transfer unit |
nokey | Do not use encryption |
peer | The peer's CIPE UDP address |
ping | Set CIPE-specific (non-ICMP) keepalive ping interval |
socks | IP address and port number of the SOCKS server for proxy connections |
tokey | Set dynamic key lifetime; default is 10 minutes (600 seconds) |
tokxc | Timeout value for shared key exchange; default is 10 seconds |
tokxts | Shared key exchange timestamp timeout value; default is 0 (no timestamps) |
toping | Timeout value for keepalive pings; default is 0 |
Table 6-1. CIPE Parameters
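
The override rule in the note and the security-relevant parameters in Table 6-1 can be checked together. The following is an added example, not part of the original documentation or the CIPE project: it merges an options file with command-line options and reports the effective settings that deserve review. The `name value` file syntax, the `name=value` command-line syntax, and all sample values are assumptions.

```python
"""Added example: resolve effective ciped options and flag risky settings."""
# Assumed syntax (not shown on this page): options file lines are
# "name value"; command-line options are "name=value" or a bare name.

def parse_options_file(text):
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments
        if parts:
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else "yes"
    return opts

def parse_cmdline(args):
    opts = {}
    for arg in args:
        name, sep, value = arg.partition("=")
        opts[name] = value if sep else "yes"  # bare name = boolean on
    return opts

def is_on(value):
    return value is not None and value.lower() not in ("no", "0", "false", "off")

def audit(file_text, cmdline_args):
    file_opts, cli_opts = parse_options_file(file_text), parse_cmdline(cmdline_args)
    effective = {**file_opts, **cli_opts}  # command line overrides the file
    findings = [f"override: {n} on the command line replaces the options file value"
                for n in sorted(cli_opts) if n in file_opts and file_opts[n] != cli_opts[n]]
    if is_on(effective.get("nokey")):
        findings.append("nokey: encryption is disabled")
    elif "key" not in effective:
        findings.append("key: no shared static key configured")
    if "key" in cli_opts:
        findings.append("key: passed on the command line, visible in process listings")
    if is_on(effective.get("debug")):
        findings.append("debug: debugging is enabled")
    if effective.get("tokxts", "0") == "0":  # Table 6-1: default 0, no timestamps
        findings.append("tokxts: 0, key exchange timestamps are not used")
    return effective, findings

# Constructed sample input (documentation-range addresses, placeholder key).
SAMPLE_FILE = """\
device  cipcbx
me      192.0.2.10:6789
peer    198.51.100.20:6789
key     PLACEHOLDER_KEY
maxerr  8
"""
SAMPLE_ARGS = ["nokey", "debug=yes", "maxerr=3"]

if __name__ == "__main__":
    effective, findings = audit(SAMPLE_FILE, SAMPLE_ARGS)
    print("\n".join(findings))
```

In the sample, the options file sets a key, yet the effective configuration runs unencrypted because `nokey` arrives on the command line, which is the case a file-only review would miss.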