[support] Dynamic keyring with racoon2 operation
Brama Subhifajar
first_shaboo at yahoo.com
Mon Jul 6 02:18:56 JST 2009
Hi,
Finally, I have install Dynamic Keyring MIPv6, thanks to Sebastien Decugis for the tutorial.
I have some questions about how Dynamic keyring on MIPv6 works,
1. I have capture signaling betwen MN and HA :
MN -> HA: IKE_SA_INIT
MN <- HA: IKE_SA_INIT
MN -> HA: IKE_AUTH
MN <- HA: IKE_AUTH
MN -> HA: ESP (spi#1, contains the BU message)
MN <- HA: ESP (spi#2, contains the BA)
MN -> HA: CREATE_CHILD_SA
MN <- HA: CREATE_CHILD_SA
MN -> HA: ESP (spi#3, contains MPS)
MN <- HA: ESP (spi#4, contains MPA)
it is like on tutorial, but if it observed the change about IKEv2 is only happen when MN move to foreign network for the first time.
so when I move to furthermore deferent network, the IKEv2 exchange is not seeing, it is normal like that?
is IKE2 changed only once at the first? if yes, why it don't change on every move?
2. I have read, MIPv6 have Return Routability capability, the RR procedure is not seeing on signaling, and I was trying to use option "MNDoRouteOptimization = enabled" and "IPSec = enable" the daemon say its impossible. can you tell me why?
3. Can you tell me about Tunneling Payload and protecting HoTi/CoTi?
many thanks before..
"Coba Yahoo! Mail baru yang LEBIH CEPAT. Rasakan bedanya sekarang!
http://id.mail.yahoo.com"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ml.nautilus6.org/pipermail/support/attachments/20090706/691b6419/attachment.htm
More information about the Support
mailing list