1 README for the ipip encapsulation daemon as distributed by Bdale Garbee N3EUA.
3 This is a derivation of Mike Westerhof's ipip daemon for Unix machines. Mike
4 provided code that worked for SunOS, I ported the daemon to HP-UX and BSD/OS,
5 and Ron Atkinson N8FOW and John Paul Morrison provided the tweaks for Linux.
6 I am once again actively maintaining the ipip package, and as a Debian
7 GNU/Linux maintainer, that's the platform I'm doing the work on. The BSD
8 support should mostly still work, but is untested by me in recent times. It
9 should be trivial to unpack and build these sources on non-Debian Linux
10 systems, and not hard on any system with BSD-style sockets.
14 # you've obviously already unpacked the source distribution. On BSD
15 # systems, I like to part it in /usr/src/local/ipip, and augment the
16 # Makefiles so that the daemon becomes part of the normal full build.
18 # make a copy of the correct Makefile, I like to symlink them and use
19 # RCS to manage the changes, but to each his own...
20 ln -s Makefile.BSD Makefile
21 or ln -s Makefile.Linux Makefile
23 # edit Makefile to set desired options, as documented below
25 # if you're on a BSD system, issue the following four make commands...
31 # if you're on a Linux system, just do
34 To install the daemon:
36 Look in the 'samples' subdirectory for examples of how to create a
37 config file, which defines interfaces, and a routes file, which sets
38 up the routing table. The 'bdale' subdirectory has a couple of
39 example configs, one very old one from Mike, one that represents
40 almost what Bdale runs today. The 'n8fow' subdirectory has Ron's
41 config files, which are perhaps more appropriate for Linux users. I
42 suggest you troll it all, though, and see what's there.
44 Got questions? Ask. It'll help motivate me/us to improve the docs!
46 To re-build the daemon if you make source changes:
48 # if you're on BSD, just do a
51 # if you're on Linux, do
54 Logging output is handled via syslog. We use the LOCAL0 service specifier
55 in syslog's configuration file by default. As a result, make sure to look
56 for errors in the /var/log/local0 (BSD) or /var/adm/local0 (Linux) or
58 /usr/adm/local0 (HP-UX) file, and arrange for appropriate log rotation. You
59 can send a SIGHUP to the daemon after rotating log files and/or loading new
60 routing information to get it to "restart". You probably also need to SIGHUP
61 syslogd to note the log rotation.
63 The following options are available when running the program (yeah, there
64 should be a man page, but "life is short and the ROM is full"):
67 -help Print this summary of options
68 -v Print just the version number and exit
69 -c file Use the supplied filename as the config file
70 -r file Use the supplied filename as the route file
71 -s n Report statistics every n minutes
72 -np Don't print the ipip[1234]: prefix
73 -nts Don't include a timestamp in the statistics
74 -t Turn on tracing of incoming packets
75 -d Print out some debugging information
77 There is one option in the Makefile. If you include -DAMPRONLY, then any
78 packets which do not have both source and destination addresses in network
79 44 get dropped on the floor. After we had a non-ham on the Internet attack
80 one of our net-44 subnets, we implemented this firewall, and now use a mixture
81 of MX records pointing via a dual-homed host and socks services to do
82 everything we want from the network 44 side while presenting a blank wall to
83 non-net-44 initiated connections. Ugly, but it works. Someday when I'm
84 resting, I'll put screend up to manage the firewall and return the ipip
85 daemon to being "transparent". But not today...
87 If you have questions about this stuff, I can be reached as bdale@gag.com. If
88 you make changes or improvements, please send them along so I can update