6.7. Customizing CIPE

CIPE can be configured in numerous ways, from passing parameters as command line arguments when starting ciped to generating new shared static keys. This allows a security administrator the flexibility to customize CIPE sessions to ensure security as well as increase productivity. The following chart details some of the command-line parameters when running the ciped daemon.

	Note
	The most common parameters should be placed in the `/etc/cipe/options.cipcbx` file for automatic loading at runtime. Be aware that any parameters passed at the command line as options will override respective parameters set in the `/etc/cipe/options.cipcbx` configuration file.

Parameter	Description
`arg`	Passes arguments to the `/etc/cipe/ip-up` initialization script
`cttl`	Sets the Carrier Time To Live (TTL) value; recommended value is 64
`debug`	Boolean value to enable debugging
`device`	Names the CIPE device
`ipaddr`	Publicly-routable IP address of the CIPE machine
`ipdown`	Choose an alternate `ip-down` script than the default `/etc/cipe/ip-down`
`ipup`	Choose an alternate `ip-up` script than the default `/etc/cipe/ip-down`
`key`	Specifies a shared static key for CIPE connection
`maxerr`	Number of errors allowable before the CIPE daemon quits
`me`	UDP address of the CIPE machine
`mtu`	Set the device maximum transfer unit
`nokey`	Do not use encryption
`peer`	The peer's CIPE UDP address
`ping`	Set CIPE-specific (non-ICMP) keepalive ping interval
`socks`	IP address and port number of the SOCKS server for proxy connections
`tokey`	Set dynamic key lifetime; default is 10 minutes (600 seconds)
`tokxc`	Timeout value for shared key exchange; default is 10 seconds
`tokxts`	Shared key exchange timestamp timeout value; default is 0 (no timestamps)
`toping`	Timeout value for keepalive pings; default is 0

Table 6-1. CIPE Parameters