[support] Bls: Support Digest, Vol 40, Issue 1

Sebastien Decugis sdecugis at hongo.wide.ad.jp
Mon Feb 2 11:16:24 JST 2009 

Hi,

Your SA looks fine (although I never actually tried the NULL algorithm,
but it should be OK).

Since the BU is sent, your MN configuration should be fine.

What happens on the HA? Can you see the received BU in the HA mip6d
logs? Or is it dropped at IPsec level? Do you have the corresponding SA
entries on your HA?

Sebastien.

Brama Subhifajar a écrit :
> hello,
>
> thank's to Mr. Sebastien Decugis for the answer.
>
> but I still have a problem, when I am change network from Home Network
> to Foreign Network with IPSec, Binding Update from Mobile Node to Home
> Agent was sent, but the Home Agent not make a respon, so the Mobile
> Node can not registered the new CoA to Home Agent. then I  try to ping
> Corresponden Node the messege is "operation is not permitted". then
> when I try again without IPSec, all node run with no error.
>
> I am using sa.conf for IPSec:
>
> ##-------------------------------------------------------------
> ## IPsec MN -> HA, CN (BU) and HA, CN -> MN (BA) Transport Mode
> ##-------------------------------------------------------------
> add 2001:660:4701:5::12       #mobile node
>         2001:660:4701:5::1         #home agent
>         esp 0001
>         -m transport
>         -E null
>         -A null;
> add  2001:660:4701:5::1
>         2001:660:4701:5::12
>         esp 0002
>         -m transport
>         -E null
>         -A null;
> ##-------------------------------------------------------
> ## IPsec MN -> HA (HoTI) and HA -> MN (HoT) Tunnel Mode
> ##-------------------------------------------------------
> add 2001:660:4701:5::12
>         2001:660:4701:5::1
>         esp 0016
>         -m tunnel
>         -E null
>         -A null;
> add  2001:660:4701:5::1
>         2001:660:4701:5::12
>         esp 0017
>         -m tunnel
>         -E null
>         -A null;
>
> I active with:
> setkey -FP
> setkey -F
> setkey -f /usr/local/etc/sa.conf
>
> is there any wrong?
>
>
>
>
>
> ------------------------------------------------------------------------
> *Dari:* "support-request at ml.nautilus6.org"
> <support-request at ml.nautilus6.org>
> *Kepada:* support at ml.nautilus6.org
> *Terkirim:* Minggu, 1 Februari, 2009 09:28:27
> *Topik:* Support Digest, Vol 40, Issue 1
>
> Send Support mailing list submissions to
>     support at ml.nautilus6.org <mailto:support at ml.nautilus6.org>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     http://ml.nautilus6.org/mailman/listinfo/support
> or, via email, send a message with subject or body 'help' to
>     support-request at ml.nautilus6.org
> <mailto:support-request at ml.nautilus6.org>
>
> You can reach the person managing the list at
>     support-owner at ml.nautilus6.org <mailto:support-owner at ml.nautilus6.org>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Support digest..."
>
>
> Today's Topics:
>
>   1. IPSec on Homeguy (Brama Subhifajar)
>   2. Re: IPSec on Homeguy (Sebastien Decugis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 31 Jan 2009 22:04:20 +0800 (SGT)
> From: Brama Subhifajar <first_shaboo at yahoo.com
> <mailto:first_shaboo at yahoo.com>>
> Subject: [support] IPSec on Homeguy
> To: support at ml.nautilus6.org <mailto:support at ml.nautilus6.org>
> Message-ID: <179050.88309.qm at web76308.mail.sg1.yahoo.com
> <mailto:179050.88309.qm at web76308.mail.sg1.yahoo.com>>
> Content-Type: text/plain; charset="utf-8"
>
> hello,
>
> I try to implementation Mobile IPv6 and I  am using  homeguy  for 
> all  node  on my  network.
> My implementation using IPsec, and I have trouble:
>
> when I try to run mip6d I have XFRM error report both on Mobile Node
> and  Home  Agent, then I try check on kernel ( security option -->
> XFRM (IPSec)) I found the option is not marked. so I mark (*) then I
> recompie the kernel like the instruction on 
> https://help.ubuntu.com/community/Kernel/Compile#AltBuildMethod 
> I was trying  all the tutorial, all process  when compiling kernel was
> sucessed with no error. I reboot computer and login at new kernel. the
> problem, My implementation is using RADVD for router advertisement
> when I start error messege is apparmor module is failed to load.. I
> check again the module,(/lib/module/)  I found there  is  no folder 
> ubuntu  and  on (/sys/module) there is no folder apparmor.
>
> I am using homeguy kernel 2.6.22-14-mip6 and repository from
> http://software.nautilus6.org/packages/ubuntu gutsy/
> http://debian.nctu.edu.tw/ubuntu gutsy/.
>
> I think I was wrong on compiling kernel..
>
> can somebody help me to make correction from what I did.. or any
> suggestion how to implementation mobile IPv6 using IPSec..
>
>
>
>
> sorry if my english is bad.
>
> thank's before
>
>
>
>       Bersenang-senang di Yahoo! Messenger dengan semua teman.
> Tambahkan mereka dari email atau jaringan sosial Anda sekarang!
> http://id.messenger.yahoo.com/invite/
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://ml.nautilus6.org/pipermail/support/attachments/20090131/a62f4f96/attachment.html
>
> ------------------------------
>
> Message: 2
> Date: Sun, 01 Feb 2009 00:56:36 +0900
> From: Sebastien Decugis <sdecugis at hongo.wide.ad.jp
> <mailto:sdecugis at hongo.wide.ad.jp>>
> Subject: Re: [support] IPSec on Homeguy
> To: Support ML <support at ml.nautilus6.org
> <mailto:support at ml.nautilus6.org>>
> Message-ID: <498474B4.5070604 at hongo.wide.ad.jp
> <mailto:498474B4.5070604 at hongo.wide.ad.jp>>
> Content-Type: text/plain; charset=UTF-8
>
> Hello,
>
> The homeguy live CD was tested successfully with IPsec protection of
> Mobile IPv6 signaling and payload data (both static and dynamic keying).
> If you are using it you don't need to recompile the kernel or other
> components, since they were patched to work smoothly together. You can
> even use the HAiku software to generate the configuration for your
> static keying for you.
>
> If you want to use newer versions, you may need to port some of the
> patches. You can find a tutorial (almost 1 year ago, situation probably
> changed) on [1] and probably more up-to-date information on [2].
>
> Hope it helps...
> Sebastien.
>
> [1] http://www.nautilus6.org/doc/dk-howto/Howto_dynamic_keying.html
> [2] http://natisbad.org/MIPv6/index.html
>
>
> Brama Subhifajar a écrit :
> > hello,
> >
> > I try to implementation Mobile IPv6 and I  am using  homeguy  for  all
> > node  on my  network.
> > My implementation using IPsec, and I have trouble:
> >
> > when I try to run mip6d I have XFRM error report both on Mobile Node
> > and  Home Agent, then I try check on kernel ( security option --> XFRM
> > (IPSec)) I found the option is not marked. so I mark (*) then I recompie
> > the kernel like the instruction on
> > https://help.ubuntu.com/community/Kernel/Compile#AltBuildMethod
> > I was trying all the tutorial, all process  when compiling kernel was
> > sucessed with no error. I reboot computer and login at new kernel. the
> > problem, My implementation is using RADVD for router advertisement when
> > I start error messege is apparmor module is failed to load.. I check
> > again the module,(/lib/module/)  I found there  is  no folder  ubuntu
> > and  on (/sys/module) there is no folder apparmor.
> >
> > I am using homeguy kernel 2.6.22-14-mip6 and repository from
> > http://software.nautilus6.org/packages/ubuntu gutsy/
> > http://debian.nctu.edu.tw/ubuntu gutsy/.
> > 
> > I think I was wrong on compiling kernel..
> >
> > can somebody help me to make correction from what I did.. or any
> > suggestion how to implementation mobile IPv6 using IPSec..
> >
> >
> >
> >
> > sorry if my english is bad.
> >
> > thank's before
> >
> > ------------------------------------------------------------------------
> > Mencari semua teman di Yahoo! Messenger?
> >
> <http://sg.rd.yahoo.com/id/messenger/trueswitch/mailtagline/*http://id.messenger.yahoo.com/invite/>
> > Undang teman dari Hotmail, Gmail ke Yahoo! Messenger dengan mudah
> sekarang!
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Support mailing list
> > Support at ml.nautilus6.org <mailto:Support at ml.nautilus6.org>
> > http://ml.nautilus6.org/mailman/listinfo/support
>
>
> ------------------------------
>
> _______________________________________________
> Support mailing list
> Support at ml.nautilus6.org <mailto:Support at ml.nautilus6.org>
> http://ml.nautilus6.org/mailman/listinfo/support
>
>
> End of Support Digest, Vol 40, Issue 1
> **************************************
>
> ------------------------------------------------------------------------
> Menambah banyak teman sangatlah mudah dan cepat.
> <http://sg.rd.yahoo.com/id/messenger/trueswitch/mailtagline/*http://id.messenger.yahoo.com/invite/>
> Undang teman dari Hotmail, Gmail ke Yahoo! Messenger sekarang!
> ------------------------------------------------------------------------
>
> _______________________________________________
> Support mailing list
> Support at ml.nautilus6.org
> http://ml.nautilus6.org/mailman/listinfo/support
>

More information about the Support mailing list