| … | |
… | |
| 127 | .\} |
127 | .\} |
| 128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
| 129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
| 130 | .\" |
130 | .\" |
| 131 | .IX Title "GVPE 5" |
131 | .IX Title "GVPE 5" |
| 132 | .TH GVPE 5 "2004-06-11" "1.7" "GNU Virtual Private Ethernet" |
132 | .TH GVPE 5 "2005-01-27" "1.7" "GNU Virtual Private Ethernet" |
| 133 | .SH "NAME" |
133 | .SH "NAME" |
| 134 | GNU\-VPE \- Overview of the GNU Virtual Private Ethernet suite. |
134 | GNU\-VPE \- Overview of the GNU Virtual Private Ethernet suite. |
| 135 | .SH "DESCRIPTION" |
135 | .SH "DESCRIPTION" |
| 136 | .IX Header "DESCRIPTION" |
136 | .IX Header "DESCRIPTION" |
| 137 | \&\s-1GVPE\s0 is a suite designed to provide a virtual private network for multiple |
137 | \&\s-1GVPE\s0 is a suite designed to provide a virtual private network for multiple |
| 138 | nodes over an untrusted network. |
138 | nodes over an untrusted network. |
| 139 | .PP |
139 | .IP "\(bu" 4 |
|
|
140 | .IX Xref "Virtual" |
| 140 | \&\*(L"Virtual\*(R" means that no physical network is created (of course), but an |
141 | Virtual means that no physical network is created (of course), but an |
| 141 | ethernet is emulated by creating multiple tunnels between the member |
142 | ethernet is emulated by creating multiple tunnels between the member |
| 142 | nodes. |
143 | nodes. |
| 143 | .IX Xref "Virtual" |
144 | .IP "\(bu" 4 |
| 144 | .PP |
145 | .IX Xref "Private" |
| 145 | \&\*(L"Private\*(R" means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
146 | Private means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
| 146 | inject (\*(L"spoof\*(R") packets. |
147 | inject (\*(L"spoof\*(R") packets. |
| 147 | .IX Xref "Private" |
148 | .Sp |
| 148 | .PP |
|
|
| 149 | In the case of gvpe, even participating nodes cannot sniff packets send to |
149 | In the case of gvpe, even participating nodes cannot sniff packets send to |
| 150 | other nodes or spoof packets as if sent from other nodes. |
150 | other nodes or spoof packets as if sent from other nodes. |
| 151 | .PP |
151 | .IP "\(bu" 4 |
|
|
152 | .IX Xref "Network" |
| 152 | \&\*(L"Network\*(R" means that more than two parties can participate in the |
153 | Network means that more than two parties can participate in the network, |
| 153 | network, so for instance it's possible to connect multiple branches of a |
154 | so for instance it's possible to connect multiple branches of a company |
| 154 | company into a single network. Many so-called \*(L"vpn\*(R" solutions only create |
155 | into a single network. Many so-called \*(L"vpn\*(R" solutions only create |
| 155 | point-to-point tunnels. |
156 | point-to-point tunnels. |
| 156 | .IX Xref "Network" |
|
|
| 157 | .Sh "\s-1DESIGN\s0 \s-1GOALS\s0" |
157 | .Sh "\s-1DESIGN\s0 \s-1GOALS\s0" |
| 158 | .IX Subsection "DESIGN GOALS" |
158 | .IX Subsection "DESIGN GOALS" |
| 159 | .IP "\s-1SIMPLE\s0 \s-1DESIGN\s0" 4 |
159 | .IP "\s-1SIMPLE\s0 \s-1DESIGN\s0" 4 |
| 160 | .IX Item "SIMPLE DESIGN" |
160 | .IX Item "SIMPLE DESIGN" |
| 161 | Cipher, \s-1HMAC\s0 algorithms and other key parameters must be selected |
161 | Cipher, \s-1HMAC\s0 algorithms and other key parameters must be selected |
| … | |
… | |
| 189 | .SH "COMPILETIME CONFIGURATION" |
189 | .SH "COMPILETIME CONFIGURATION" |
| 190 | .IX Header "COMPILETIME CONFIGURATION" |
190 | .IX Header "COMPILETIME CONFIGURATION" |
| 191 | Please have a look at the \f(CW\*(C`gvpe.osdep(5)\*(C'\fR manpage for platform-specific |
191 | Please have a look at the \f(CW\*(C`gvpe.osdep(5)\*(C'\fR manpage for platform-specific |
| 192 | information. |
192 | information. |
| 193 | .PP |
193 | .PP |
| 194 | Here are a few recipes for compiling your gvpe: |
194 | Here are a few recipes for compiling your gvpe, showing the extremes |
|
|
195 | (fast, small, insecure \s-1OR\s0 slow, large, more secure), between you should |
|
|
196 | choose: |
| 195 | .Sh "\s-1AS\s0 \s-1LOW\s0 \s-1PACKET\s0 \s-1OVERHEAD\s0 \s-1AS\s0 \s-1POSSIBLE\s0" |
197 | .Sh "\s-1AS\s0 \s-1LOW\s0 \s-1PACKET\s0 \s-1OVERHEAD\s0 \s-1AS\s0 \s-1POSSIBLE\s0" |
| 196 | .IX Subsection "AS LOW PACKET OVERHEAD AS POSSIBLE" |
198 | .IX Subsection "AS LOW PACKET OVERHEAD AS POSSIBLE" |
| 197 | .Vb 1 |
199 | .Vb 1 |
| 198 | \& ./configure --enable-hmac-length=4 --enable-rand-length=0 |
200 | \& ./configure --enable-hmac-length=4 --enable-rand-length=0 |
| 199 | .Ve |
201 | .Ve |
| 200 | .PP |
202 | .PP |
| 201 | Minimize the header overhead of \s-1VPN\s0 packets (the above will result in only |
203 | Minimize the header overhead of \s-1VPN\s0 packets (the above will result in |
| 202 | 4 bytes of overhead over the raw ethernet frame). |
204 | only 4 bytes of overhead over the raw ethernet frame). This is a insecure |
|
|
205 | configuration because a \s-1HMAC\s0 length of 4 makes collision attacks based on |
|
|
206 | the birthday paradox easy, though. |
| 203 | .Sh "\s-1MINIMIZE\s0 \s-1CPU\s0 \s-1TIME\s0 \s-1REQUIRED\s0" |
207 | .Sh "\s-1MINIMIZE\s0 \s-1CPU\s0 \s-1TIME\s0 \s-1REQUIRED\s0" |
| 204 | .IX Subsection "MINIMIZE CPU TIME REQUIRED" |
208 | .IX Subsection "MINIMIZE CPU TIME REQUIRED" |
| 205 | .Vb 1 |
209 | .Vb 1 |
| 206 | \& ./configure --enable-cipher=bf --enable-digest=md4 |
210 | \& ./configure --enable-cipher=bf --enable-digest=md4 |
| 207 | .Ve |
211 | .Ve |
| 208 | .PP |
212 | .PP |
| 209 | Use the fastest cipher and digest algorithms currently available in gvpe. |
213 | Use the fastest cipher and digest algorithms currently available in |
|
|
214 | gvpe. \s-1MD4\s0 has been broken and is quite insecure, though. |
| 210 | .Sh "\s-1MAXIMIZE\s0 \s-1SECURITY\s0" |
215 | .Sh "\s-1MAXIMIZE\s0 \s-1SECURITY\s0" |
| 211 | .IX Subsection "MAXIMIZE SECURITY" |
216 | .IX Subsection "MAXIMIZE SECURITY" |
| 212 | .Vb 1 |
217 | .Vb 1 |
| 213 | \& ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 |
218 | \& ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 |
| 214 | .Ve |
219 | .Ve |
| 215 | .PP |
220 | .PP |
| 216 | This uses a 16 byte \s-1HMAC\s0 checksum to authenticate packets (I guess 8\-12 |
221 | This uses a 16 byte \s-1HMAC\s0 checksum to authenticate packets (I guess 8\-12 |
| 217 | would also be pretty secure ;) and will additionally prefix each packet |
222 | would also be pretty secure ;) and will additionally prefix each packet |
| 218 | with 8 bytes of random data. |
223 | with 8 bytes of random data. In the long run, people should move to |
|
|
224 | \&\s-1SHA\-224\s0 and beyond, but support in openssl is missing as of writing this |
|
|
225 | document. |
| 219 | .PP |
226 | .PP |
| 220 | In general, remember that \s-1AES\-128\s0 seems to be more secure and faster than |
227 | In general, remember that \s-1AES\-128\s0 seems to be more secure and faster than |
| 221 | \&\s-1AES\-192\s0 or \s-1AES\-256\s0, more randomness helps against sniffing and a longer |
228 | \&\s-1AES\-192\s0 or \s-1AES\-256\s0, more randomness helps against sniffing and a longer |
| 222 | \&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1\s0 or \s-1RIPEMD160\s0 are |
229 | \&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1\s0 or \s-1RIPEMD160\s0 are |
| 223 | better, and Blowfish is a fast cipher (and also quite secure). |
230 | better, and Blowfish is a fast cipher (and also quite secure). |
