[support] Bls: Support Digest, Vol 40, Issue 1
Brama Subhifajar
first_shaboo at yahoo.com
Mon Feb 2 03:55:02 JST 2009
hello,
thank's to Mr. Sebastien Decugis for the answer.
but I still have a problem, when I am change network from Home Network to Foreign Network with IPSec, Binding Update from Mobile Node to Home Agent was sent, but the Home Agent not make a respon, so the Mobile Node can not registered the new CoA to Home Agent. then I try to ping Corresponden Node the messege is "operation is not permitted". then when I try again without IPSec, all node run with no error.
I am using sa.conf for IPSec:
##-------------------------------------------------------------
## IPsec MN -> HA, CN (BU) and HA, CN -> MN (BA) Transport Mode
##-------------------------------------------------------------
add 2001:660:4701:5::12 #mobile node
2001:660:4701:5::1 #home agent
esp 0001
-m transport
-E null
-A null;
add 2001:660:4701:5::1
2001:660:4701:5::12
esp 0002
-m transport
-E null
-A null;
##-------------------------------------------------------
## IPsec MN -> HA (HoTI) and HA -> MN (HoT) Tunnel Mode
##-------------------------------------------------------
add 2001:660:4701:5::12
2001:660:4701:5::1
esp 0016
-m tunnel
-E null
-A null;
add 2001:660:4701:5::1
2001:660:4701:5::12
esp 0017
-m tunnel
-E null
-A null;
I active with:
setkey -FP
setkey -F
setkey -f /usr/local/etc/sa.conf
is there any wrong?
________________________________
Dari: "support-request at ml.nautilus6.org" <support-request at ml.nautilus6.org>
Kepada: support at ml.nautilus6.org
Terkirim: Minggu, 1 Februari, 2009 09:28:27
Topik: Support Digest, Vol 40, Issue 1
Send Support mailing list submissions to
support at ml.nautilus6.org
To subscribe or unsubscribe via the World Wide Web, visit
http://ml.nautilus6.org/mailman/listinfo/support
or, via email, send a message with subject or body 'help' to
support-request at ml.nautilus6.org
You can reach the person managing the list at
support-owner at ml.nautilus6.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Support digest..."
Today's Topics:
1. IPSec on Homeguy (Brama Subhifajar)
2. Re: IPSec on Homeguy (Sebastien Decugis)
----------------------------------------------------------------------
Message: 1
Date: Sat, 31 Jan 2009 22:04:20 +0800 (SGT)
From: Brama Subhifajar <first_shaboo at yahoo.com>
Subject: [support] IPSec on Homeguy
To: support at ml.nautilus6.org
Message-ID: <179050.88309.qm at web76308.mail.sg1.yahoo.com>
Content-Type: text/plain; charset="utf-8"
hello,
I try to implementation Mobile IPv6 and I am using homeguy for all node on my network.
My implementation using IPsec, and I have trouble:
when I try to run mip6d I have XFRM error report both on Mobile Node and Home Agent, then I try check on kernel ( security option --> XFRM (IPSec)) I found the option is not marked. so I mark (*) then I recompie the kernel like the instruction on https://help.ubuntu.com/community/Kernel/Compile#AltBuildMethod
I was trying all the tutorial, all process when compiling kernel was sucessed with no error. I reboot computer and login at new kernel. the problem, My implementation is using RADVD for router advertisement when I start error messege is apparmor module is failed to load.. I check again the module,(/lib/module/) I found there is no folder ubuntu and on (/sys/module) there is no folder apparmor.
I am using homeguy kernel 2.6.22-14-mip6 and repository from http://software.nautilus6.org/packages/ubuntu gutsy/
http://debian.nctu.edu.tw/ubuntu gutsy/.
I think I was wrong on compiling kernel..
can somebody help me to make correction from what I did.. or any suggestion how to implementation mobile IPv6 using IPSec..
sorry if my english is bad.
thank's before
Bersenang-senang di Yahoo! Messenger dengan semua teman. Tambahkan mereka dari email atau jaringan sosial Anda sekarang! http://id.messenger.yahoo.com/invite/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ml.nautilus6.org/pipermail/support/attachments/20090131/a62f4f96/attachment.html
------------------------------
Message: 2
Date: Sun, 01 Feb 2009 00:56:36 +0900
From: Sebastien Decugis <sdecugis at hongo.wide.ad.jp>
Subject: Re: [support] IPSec on Homeguy
To: Support ML <support at ml.nautilus6.org>
Message-ID: <498474B4.5070604 at hongo.wide.ad.jp>
Content-Type: text/plain; charset=UTF-8
Hello,
The homeguy live CD was tested successfully with IPsec protection of
Mobile IPv6 signaling and payload data (both static and dynamic keying).
If you are using it you don't need to recompile the kernel or other
components, since they were patched to work smoothly together. You can
even use the HAiku software to generate the configuration for your
static keying for you.
If you want to use newer versions, you may need to port some of the
patches. You can find a tutorial (almost 1 year ago, situation probably
changed) on [1] and probably more up-to-date information on [2].
Hope it helps...
Sebastien.
[1] http://www.nautilus6.org/doc/dk-howto/Howto_dynamic_keying.html
[2] http://natisbad.org/MIPv6/index.html
Brama Subhifajar a écrit :
> hello,
>
> I try to implementation Mobile IPv6 and I am using homeguy for all
> node on my network.
> My implementation using IPsec, and I have trouble:
>
> when I try to run mip6d I have XFRM error report both on Mobile Node
> and Home Agent, then I try check on kernel ( security option --> XFRM
> (IPSec)) I found the option is not marked. so I mark (*) then I recompie
> the kernel like the instruction on
> https://help.ubuntu.com/community/Kernel/Compile#AltBuildMethod
> I was trying all the tutorial, all process when compiling kernel was
> sucessed with no error. I reboot computer and login at new kernel. the
> problem, My implementation is using RADVD for router advertisement when
> I start error messege is apparmor module is failed to load.. I check
> again the module,(/lib/module/) I found there is no folder ubuntu
> and on (/sys/module) there is no folder apparmor.
>
> I am using homeguy kernel 2.6.22-14-mip6 and repository from
> http://software.nautilus6.org/packages/ubuntu gutsy/
> http://debian.nctu.edu.tw/ubuntu gutsy/.
>
> I think I was wrong on compiling kernel..
>
> can somebody help me to make correction from what I did.. or any
> suggestion how to implementation mobile IPv6 using IPSec..
>
>
>
>
> sorry if my english is bad.
>
> thank's before
>
> ------------------------------------------------------------------------
> Mencari semua teman di Yahoo! Messenger?
> <http://sg.rd.yahoo.com/id/messenger/trueswitch/mailtagline/*http://id.messenger.yahoo.com/invite/>
> Undang teman dari Hotmail, Gmail ke Yahoo! Messenger dengan mudah sekarang!
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Support mailing list
> Support at ml.nautilus6.org
> http://ml.nautilus6.org/mailman/listinfo/support
------------------------------
_______________________________________________
Support mailing list
Support at ml.nautilus6.org
http://ml.nautilus6.org/mailman/listinfo/support
End of Support Digest, Vol 40, Issue 1
**************************************
Apakah demonstrasi & turun ke jalan itu hal yang wajar? Temukan jawabannya di Yahoo! Answers! http://id.answers.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ml.nautilus6.org/pipermail/support/attachments/20090202/20ea54d2/attachment-0001.htm
More information about the Support
mailing list