
- changed the config format for mip6makeconfig.sh.

  - transport parameters and tunnel parameters must be defined separately.
  - uses unique id to avoid unintended updating of SA values.
commit d80814ff01f2b0f3a6abbb827c37672898c0036e 1 parent 019a7f0
keiichi authored
Showing with 67 additions and 21 deletions.
  1. +25 −6 kame/kame/mip6control/config
  2. +42 −15 kame/kame/mip6control/mip6makeconfig.sh
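--- a/kame/kame/mip6control/config
+++ b/kame/kame/mip6control/config
@@ -1,12 +1,31 @@
 #
 # a sample config file for mip6makeconfig.sh
 #
-# this file must be placed in /usr/local/v6/etc/mobileip6/xxxxx where
-# xxxxx is 5 digits.
+# this file must be placed in /usr/local/v6/etc/mobileip6/nodename where
+# nodename is a arbitrary name of a mobile node.
+#
+
+#
+# set proper addresses for both a mobile node and a home agent.
 #
 mobile_node=2001:200:0:0:201:11ff:fe54:4fde
 home_agent=2001:200:0:0:201:11ff:fe54:5ffc
-spi_mn_to_ha=2000
-spi_ha_to_mn=2001
-algorithm=blowfish-cbc
-secret="THIS_IS_MY_SECRET!!!"
+
+#
+# parameters for the IPsec transport mode to protect home (de)registration.
+#
+transport_spi_mn_to_ha=2000
+transport_spi_ha_to_mn=2001
+transport_protocol=ah
+transport_algorithm=hmac-sha1
+transport_secret="THIS_IS_AH_SECRET!!!"
+
+#
+# parameters for the IPsec tunnel mode to protect RR signals.
+#
+tunnel_spi_mn_to_ha=2002
+tunnel_spi_ha_to_mn=2003
+tunnel_uid_mn_to_ha=2002
+tunnel_uid_ha_to_mn=2003
+tunnel_algorithm=blowfish-cbc
+tunnel_secret="THIS_IS_ESP_SECRET!!"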
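Review bot: The sample keys on the `transport_secret` and `tunnel_secret` lines are fixed, readable strings, and none of the new comments say they must be replaced before use or that their length has to fit the chosen algorithm. A comment above each would cover it, for example `# replace with a random per-node key; the length must match transport_algorithm` (the 20-character sample presumably matches the 160-bit key that hmac-sha1 takes when the generated files are loaded with setkey) and the same wording for `tunnel_algorithm`. Because this file now carries two keys, the header could also say `# keep this file readable by root only: it holds the SA keys`.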
57 kame/kame/mip6control/mip6makeconfig.sh
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $Id: mip6makeconfig.sh,v 1.2 2002/12/04 05:39:05 keiichi Exp $
+# $Id: mip6makeconfig.sh,v 1.3 2003/01/31 10:19:46 keiichi Exp $
cat=/bin/cat
basename=/usr/bin/basename
@@ -12,6 +12,8 @@ if [ -r /etc/rc.conf ]; then
. /etc/rc.conf
fi
+ipv6_mobile_config_dir=${ipv6_mobile_config_dir:-/usr/local/v6/etc/mobileip6}
+
if [ $# -ne 1 ]; then
${cat} <<EOF
Usage: ${0} node_dir
@@ -24,8 +26,6 @@ EOF
exit 1
fi
-ipv6_mobile_config_dir=${ipv6_mobile_config_dir:-/usr/local/v6/etc/mobileip6}
-
#
# check node_dir
#
@@ -43,6 +43,15 @@ node_dir=${ipv6_mobile_config_dir}/${1}
. ${node_dir}/config
#
+# set other auto configurable parameters
+#
+if [ "X${transport_protocol}" = "Xah" ]; then
+ transport_algoarg='-A'
+else
+ transport_algoarg='-E'
+fi
+
+#
# write security association configuration files
#
@@ -51,9 +60,23 @@ node_dir=${ipv6_mobile_config_dir}/${1}
#
${cat} << EOF > ${node_dir}/add
add ${mobile_node} ${home_agent}
- esp ${spi_mn_to_ha} -E ${algorithm} "${secret}";
+ ${transport_protocol} ${transport_spi_mn_to_ha}
+ -m transport
+ ${transport_algoarg} ${transport_algorithm} "${transport_secret}";
+add ${home_agent} ${mobile_node}
+ ${transport_protocol} ${transport_spi_ha_to_mn}
+ -m transport
+ ${transport_algoarg} ${transport_algorithm} "${transport_secret}";
+add ${mobile_node} ${home_agent}
+ esp ${tunnel_spi_mn_to_ha}
+ -m tunnel
+ -u ${tunnel_uid_mn_to_ha}
+ -E ${tunnel_algorithm} "${tunnel_secret}";
add ${home_agent} ${mobile_node}
- esp ${spi_ha_to_mn} -E ${algorithm} "${secret}";
+ esp ${tunnel_spi_ha_to_mn}
+ -m tunnel
+ -u ${tunnel_uid_ha_to_mn}
+ -E ${tunnel_algorithm} "${tunnel_secret}";
EOF
#
@@ -61,9 +84,13 @@ EOF
#
${cat} << EOF > ${node_dir}/delete
delete ${mobile_node} ${home_agent}
- esp ${spi_mn_to_ha};
+ ${transport_protocol} ${transport_spi_mn_to_ha};
+delete ${home_agent} ${mobile_node}
+ ${transport_protocol} ${transport_spi_ha_to_mn};
+delete ${mobile_node} ${home_agent}
+ esp ${tunnel_spi_mn_to_ha};
delete ${home_agent} ${mobile_node}
- esp ${spi_ha_to_mn};
+ esp ${tunnel_spi_ha_to_mn};
EOF
#
@@ -76,10 +103,10 @@ EOF
${cat} <<EOF > ${node_dir}/spdadd_home_agent
spdadd ${home_agent} ${mobile_node}
62 -P out ipsec
- esp/transport//require;
+ ${transport_protocol}/transport//require;
spdadd ${mobile_node} ${home_agent}
62 -P in ipsec
- esp/transport//require;
+ ${transport_protocol}/transport//require;
EOF
#
@@ -98,10 +125,10 @@ EOF
${cat} <<EOF >> ${node_dir}/spdadd_home_agent
spdadd ::/0 ${mobile_node}
62 -P out ipsec
- esp/tunnel/${home_agent}-${mobile_node}/require;
+ esp/tunnel/${home_agent}-${mobile_node}/unique:${tunnel_uid_ha_to_mn};
spdadd ${mobile_node} ::/0
62 -P in ipsec
- esp/tunnel/${mobile_node}-${home_agent}/require;
+ esp/tunnel/${mobile_node}-${home_agent}/unique:${tunnel_uid_mn_to_ha};
EOF
#
@@ -120,10 +147,10 @@ EOF
${cat} <<EOF > ${node_dir}/spdadd_mobile_node
spdadd ${mobile_node} ${home_agent}
62 -P out ipsec
- esp/transport//require;
+ ${transport_protocol}/transport//require;
spdadd ${home_agent} ${mobile_node}
62 -P in ipsec
- esp/transport//require;
+ ${transport_protocol}/transport//require;
EOF
#
@@ -142,10 +169,10 @@ EOF
${cat} <<EOF >> ${node_dir}/spdadd_mobile_node
spdadd ${mobile_node} ::/0
62 -P out ipsec
- esp/tunnel/${mobile_node}-${home_agent}/require;
+ esp/tunnel/${mobile_node}-${home_agent}/unique:${tunnel_uid_mn_to_ha};
spdadd ::/0 ${mobile_node}
62 -P in ipsec
- esp/tunnel/${home_agent}-${mobile_node}/use;
+ esp/tunnel/${home_agent}-${mobile_node}/unique:${tunnel_uid_ha_to_mn};
EOF
#
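Review bot: The new `if`/`else` that sets `transport_algoarg` treats every value other than `ah` as an encryption protocol, so an unset or mistyped `transport_protocol` in the sourced config still produces the `add`, `delete` and `spdadd_*` files, with the raw value written into the SA lines and into the `${transport_protocol}/transport//require` policy lines of the later hunks. Accepting only `ah` or `esp` and exiting before any file is written keeps a typo from becoming a malformed or missing protection policy for home registration. Separately, the `add` file now holds both `transport_secret` and `tunnel_secret`, and no `umask` or `chmod` is visible in these hunks, so it is worth confirming the generated files are not left world-readable; the rest of the script is outside the hunks shown.

```shell
# set other auto configurable parameters
#
case "${transport_protocol}" in
ah)
	transport_algoarg='-A'
	;;
esp)
	transport_algoarg='-E'
	;;
*)
	echo "${0}: transport_protocol must be ah or esp" >&2
	exit 1
	;;
esac
```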