CIPE - Crypto IP Encapsulation

This is an ongoing project to build encrypting IP routers. The protocol used is as lightweight as possible. It is designed for passing encrypted packets between prearranged routers in the form of UDP packets. This is not as flexible as IPSEC but it is enough for the original intended purpose: securely connecting subnets over an insecure transit network. The implementations mentioned below are actually in use in such an application.

The only implementation available so far is a kernel driver for Linux. Another implementation, a user-level driver for Linux and BSD systems, was halfway implemented as a test-bed but then abandoned. (If anyone is interested in the code, ask me.) These implementations are freely available under the GNU GPL or less restrictive conditions.

For details, refer to the protocol description.

Software

These versions serve different purposes; see below.

Documentation

Future development

In the near future, development is taking place on four branches:
Release 1.0
I've repackaged release 0.5.6 plus the tiny compilation bugfix and designated it as release 1.0.0. If there are any bugfixes or additions made to this release, it will become 1.0.x. This supports CIPE protocol 3 and Linux 2.0.x.
Release 1.1
Matthew Grant has contributed a modified version of 0.5.6 that emulates an Ethernet interface and can run IPX and AppleTalk over it. As this is an incompatible protocol, it gets protocol number 4. What was said about further development of 1.0 holds here too. Note: there is no real documentation on 1.1 so far.
Release 1.2, 1.3
CIPE 1.2 and 1.3 support Linux 2.2 as well as Linux 2.0 and CIPE protocol version 3. Later perhaps the code for protocol 4 will be integrated here too, but that's further into the future.
The ucipe utility
I have an almost-ready add-on which does public key based key management and could considerably ease administration. Someone else is working on finishing it.
Just don't confuse the version numbers with the Linux development model; 1.1 and 1.2 are somewhat parallel branches. This is necessary for now because of the big differences between the Linux 2.0 and 2.1 networking code.

Mailing list

There is a mailing list for this package; send mail to majordomo@inka.de with the command
subscribe cipe-l
in the message body to join the list.

An archive of the list is now available on the web.
The archive is also available via mail (send the command help to the above majordomo address and look for usage of the index and get commands).


1999-06-14 Olaf Titz