README from the ipip encapsulation daemon as distributed by Bdale Garbee N3EUA.

$Id: README,v 1.2 1995/03/19 17:21:06 bdale Exp $

This is a derivation of Mike Westerhof's ipip daemon for Unix machines.  Mike
provided code that worked for SunOS, I ported the daemon to HP-UX and BSD/OS,
and Ron Atkinson N8FOW and John Paul Morrison provided the tweaks for Linux.

To build the daemon:

	# you've obviously already unpacked the source distribution.  On BSD
	# systems, I like to part it in /usr/src/local/ipip, and augment the
	# Makefiles so that the daemon becomes part of the normal full build.

	# make a copy of the correct Makefile, I like to symlink them and use
	# RCS to manage the changes, but to each his own...
	ln -s Makefile.BSD Makefile
    or  ln -s Makefile.Linux Makefile

	# edit Makefile to set desired options, as documented below

	# if you're on a BSD system, issue the following four make commands...
	make obj
	make depend
	make
	make install

	# if you're on a Linux system, just do
	make all

To install the daemon:

	Look in the 'samples' subdirectory for examples of how to create a
	config file, which defines interfaces, and a routes file, which sets
	up the routing table.  The 'bdale' subdirectory has a couple of
	example configs, one very old one from Mike, one that represents 
	almost what Bdale runs today.  The 'n8fow' subdirectory has Ron's
	config files, which are perhaps more appropriate for Linux users.  I
	suggest you troll it all, though, and see what's there.

	Got questions?  Ask.  It'll help motivate me/us to improve the docs!

To re-build the daemon if you make source changes:

	# if you're on BSD, just do a
	make

	# if you're on Linux, do 
	make clean ; make all

Logging output is handled via syslog.  We use the LOCAL0 service specifier
in syslog's configuration file by default.  As a result, make sure to look
for errors in the /var/log/local0 (BSD) or /var/adm/local0 (Linux) or

/usr/adm/local0 (HP-UX) file, and arrange for appropriate log rotation.  You
can send a SIGHUP to the daemon after rotating log files and/or loading new
routing information to get it to "restart".  You probably also need to SIGHUP
syslogd to note the log rotation.

The following options are available when running the program (yeah, there
should be a man page, but "life is short and the ROM is full"):

              Options are:
               -help      Print this summary of options
               -v         Print just the version number and exit
               -c file    Use the supplied filename as the config file
               -r file    Use the supplied filename as the route file
               -s n       Report statistics every n minutes
               -np        Don't print the ipip[1234]: prefix
               -nts       Don't include a timestamp in the statistics
               -t         Turn on tracing of incoming packets
               -d         Print out some debugging information

There are two options in the Makefile.  If you include -DBDALE, the daemon will
allow routing packets back out the same interface they came in on.  This is
useful if you have a "firewall" on your corporate network and want to run the
daemon as a "bent pipe" on a machine that sits atop the firewall.  If you
include -DAMPRONLY, then any packets which do not have both source and
destination addresses in network 44 get dropped on the floor.  After we had a
non-ham on the Internet attack one of our net-44 subnets, we implemented this
firewall, and now use a mixture of MX records pointing via a dual-homed host
and socks services to do everything we want from the network 44 side while
presenting a blank wall to non-net-44 initiated connections.  Ugly, but it
works.  Someday when I'm resting, I'll put screend up to manage the firewall
and return the ipip daemon to being "transparent".  But not today...

If you have questions about this stuff, I can be reached as bdale@gag.com.  If
you make changes or improvements, please send them along so I can update
the distribution.

The key changes from Mike's original are the use of syslog for logging, changes
in the size of the route table allowed, the ability to route back out the
same interface a packet was received on, the firewall, and random BSD'isms.  
Mike certainly should get all the credit for making this work initially... it
has made life much simpler for me, at least!

I'll borrow a page from Rich Salz... if you put this up and run it, and like
it, how about sending me a QSL card, or a postcard?  I'm good in the callbook
and associated databases... and the poured-concrete walls here in "The Bit 
Basement" could use more wallpaper...  :-)

73 - Bdale, N3EUA
