Table of Contents
http://www.tarsnap.com/spiped.html
spiped is a brilliant utility for symmetrically encrypting a link between two sockets.
1 How to create a RH/systemd service for for spiped
Generate a shared secret like so:
dd if=/dev/urandom of=/etc/spiped/service.key bs=32 count=1
+---------------- source ---------------------+ +------------------ destination ---------------+ | | | | | +-----------+ | | +-----------+ | | [ unencrypted traffic ] --> | spiped -e | --+--> [ encrypted traffic ] --+--> | spiped -d | --> [ unencrypted traffic ] | | +-----------+ | | +-----------+ | | | | | +---------------------------------------------+ +----------------------------------------------+
SOURCE=[0.0.0.0]:18082 TARGET=[127.0.0.1]:8082 MODE=d
[Unit]
Description = Spiped secure spipe daemon
Wants = network-online.target
[Service]
Type = forking
EnvironmentFile = /etc/default/spiped.%i
PIDFile = /run/spiped/spiped.%i.pid
ExecStartPre = /usr/bin/ls /etc/default/spiped.%i /etc/spiped/%i.key
ExecStart = /usr/local/bin/spiped -${MODE} -s "${SOURCE}" -t "${TARGET}" -k /etc/spiped/%i.key -p /run/spiped/spiped.%i.pid
RuntimeDirectory = spiped
RuntimeDirectoryMode = 0770
User = nobody
Group = nobody
Restart = always
[Install]
WantedBy = default.target
WIP