[MIPL] Problem of MIPL with IPSec

Fri, 15 Sep 2006 05:52:53 -0700

 Hello, everyone.

I have a problem to use MIPv6 with IPSec capability.

When the MN and HAs configurations are below, it works fine.

 

# MNs configuration

NodeConfig MN;

DebugLevel 10;

DoRouteOptimizationMN enabled;

UseCnBuAck disabled;

SendMobPfxSols disabled;

Interface "eth0";

MnHomeLink "eth0" {

             HomeAgentAddress 3ffe:401:11:2::1:1;

             HomeAddress 3ffe:401:11:2:209:5bff:fe4b:f4ea/64;

}

 

UseMnHaIPsec enabled;

KeyMngMobCapability disabled;

IPsecPolicySet {

             HomeAgentAddress 3ffe:401:11:2::1:1;

             HomeAddress 3ffe:401:11:2:209:5bff:fe4b:f4ea/64;

             IPsecPolicy HomeRegBinding UseESP 1 2;

}

 

#HAs configuration

NodeConfig HA;

DebugLevel 10;

Interface "eth0";

DoRouteOptimizationMN enabled;

UseMnHaIPsec enabled;

IPsecPolicySet {

             HomeAgentAddress 3ffe:401:11:2::1:1;

             HomeAddress 3ffe:401:11:2:209:5bff:fe4b:f4ea/64;;

             IPsecPolicy HomeRegBinding UseESP 1 2;

}

 

But, the configuration of the MN and HA is set as describe below, it does not work.

# MNs configuration

NodeConfig MN;

DebugLevel 10;

DoRouteOptimizationMN enabled;

UseCnBuAck disabled;

SendMobPfxSols disabled;

Interface "eth0";

MnHomeLink "eth0" {

             HomeAgentAddress 3ffe:401:11:2::1:1;

             HomeAddress 3ffe:401:11:2:209:5bff:fe4b:f4ea/64;

}

 

UseMnHaIPsec enabled;

KeyMngMobCapability disabled;

IPsecPolicySet {

             HomeAgentAddress 3ffe:401:11:2::1:1

             HomeAddress 3ffe:401:11:2:209:5bff:fe4b:f4ea/64;

             IPsecPolicy HomeRegBinding UseESP 1 2;

             IPsecPolicy TunnelMh UseESP 3 4;

}

 

#HAs configuration

NodeConfig HA;

DebugLevel 10;

Interface "eth0";

DoRouteOptimizationMN enabled;

UseMnHaIPsec enabled;

IPsecPolicySet {

             HomeAgentAddress 3ffe:401:11:2::1:1;

             HomeAddress 3ffe:401:11:2:209:5bff:fe4b:f4ea/64;;

             IPsecPolicy HomeRegBinding UseESP 1 2;

             IPsecPolicy TunnelMh UseESP 3 4;

}

 

The error message is shown as resource temporarily unavailable at the HA when the HA receives the binding update from the MN. Whats the problem? I read the MIPv6 2.0.2 supports IPSec during Bu/BAck and HoTI/HoT exchange between the HA and the MN. My configuration of security association follows

 

#sa.conf

# #-------------------------------------------------

# # IPsec MN -> HA Transport mode (BU)

# #-------------------------------------------------

add 3ffe:401:11:2:209:5bff:fe4b:f4ea 3ffe:401:11:2::1:1 esp 0001

-m transport

-E null

-A null ;

#-------------------------------------------------

# IPsec HA -> MN Transport mode (BA)

#-------------------------------------------------

add 3ffe:401:11:2::1:1 3ffe:401:11:2:209:5bff:fe4b:f4ea esp 0002

-m transport

-E null

-A null ;

#-------------------------------------------------

# IPsec MN -> HA Tunnel mode (HoTI)

#-------------------------------------------------

add 3ffe:401:11:2:209:5bff:fe4b:f4ea 3ffe:401:11:2::1:1 esp 0016

-m tunnel

-E null

-A null ;

#-------------------------------------------------

# IPsec HA -> MN Tunnel mode (HoT)

#-------------------------------------------------

add 3ffe:401:11:2::1:1 3ffe:401:11:2:209:5bff:fe4b:f4ea esp 0017

-m tunnel

-E null

-A null ;

 

Do you have any idea? If you had same experience as I had, please let me know what the problem is. It would be appreciated.

 

_______________________________________________
mipl mailing list
[email protected]
http://www.mobile-ipv6.org/cgi-bin/mailman/listinfo/mipl

Reply via email to