[support] IKEv2 and SADB on Ubuntu 9.10

[Arnaud Ebalard]

Hi,

dfg dfg <abxccd at msn.com> writes:

> I have checked out the latest source of racoon2 from the racoon2 cvs
> and applied the MIPv6 support patches manually to the source. The
> "patched" source compiles fine and installed fine. However, it seems
> that my mobile node will send a IKE_SA_INIT and keep resending it,
> because the home agent does not send its IKE_SA_INIT.I have followed
> the configuration files from:
> http://www.nautilus6.org/doc/dk-howto/howto_dynamic_keying.html 
>  
> The only thing I did not do was to recompile the kernel with
> SADB_X_EXT_PACKET support. From what I have been reading,
> www.natisbad.org/mipv6 says that PF_KEY_SADB_X_EXT_KMADDRESS is now
> part of the linux kernel. I am not sure if this is relevant to the
> IKEv2 implementation. 
>  
> I am running Ubuntu 9.10 with the 2.6.31 kernel, but patching it for
> SADB_X_EXT_PACKET support reports a lot of hunks that
> failed. Compilation also terminated when it got around to compiling
> for SADB_X_EXT_PACKET. 
>  
> So the question is, do I need to have SADB_X_EXT_PACKET support in
> order to get IKEv2 to work with mobile ipv6 on the 2.6.31 kernel?

MIGRATE and KMADDRESS are in upstream kernel since 2.6.28.
MIGRATE and KMADDRESS are also upstream in racoon too for a while now.

Now, if you need a MIPv6-enabled IKEv2 daemon, AFAIK:

 - strongSwan support both extensions. There is a page on the strongSwan
   wiki documenting that: http://wiki.strongswan.org/wiki/1/MobileIPv6
 - racoon2 *does not support* the extensions and there is to my knowledge
   no working patches for KMADDRESS and MIGRATE for racoon2 (as of today).

SADB_X_EXT_PACKET was part of the first MIGRATE drafts. Due to
limitations, it has been replaced by in the last version [1] of the draft by
KMADDRESS. For that reason, SADB_X_EXT_PACKET is not needed.

Cheers,

a+

[1] http://tools.ietf.org/html/draft-ebalard-mext-pfkey-enhanced-migrate-00