
(usagi-users 03931) Re: RACOON/UMIP/KERNEL Patches

I don't use NetworkManager at all. Basically, my test laptop has wifi
activated, sometimes bluetooth (for fun because latency is terrible)
and also ethernet when some cable is plugged. Using preferences on
interfaces in umip, everything works fine. My resolv.conf has a static
DNS configuration (quite logical).

Probably a stupid question but what's the interest of NetworkManager in
that context?

Well, in that context it is probably useless. NetworkManager becomes very convenient when you are moving to several locations with different WiFi configurations for example. But that tool is not IPv6-friendly at all currently :( And it becomes worse when MIPv6 is around...

> (patch about dynamic adding the interfaces)
> To make it simple, I did not have the need and HA are pretty
> stable in terms of interfaces while MN and CN are not.

Yes, this makes sense in my opinion.

With regards to racoon2, I am not familiar with the rekeying

1) Simple test: negotiate CHILD_SA lifetime of 60 sec and see the behavior after a movement.

Since the IKE_SA survives movement, the rekeying should happen regardless of movement. Anyway I have had the case where CHILD_SA expired during the handover and... segfault. I definitely need to spend time on this configuration, but I have more urgent tasks currently.

2) Question: from old reading of 4306, I think I remember that lifetimes
are no longer negotiated but each side manages its own
direction. Tell me if I'm wrong. This might end up creating
problems if the KM on the HA tries to rekey when the MN
moves. On the MN, this could be detected.

IIRC, only the initiator should initiate a rekeying process. The configurations have to be in sync so that the initiator SA lifetime is >= to the responder SA lifetime. I have not verified this in the RFC.

In racoon, one of the patches removes the need to access the SP during
rekeying (for generating ID). If the racoon2 also does that kind of
thing, you can't keep the SA up with the HA (via rekeying) when on HL
(if acceptable).

Hmmm that is exactly the kind of side-effect I was thinking of. We would need to determine if the SA should survive when MN is at home, before making it possible to rekey.

rekeying, I have not investigated.

Investigating you need. May the force be with you.

Yeah thanks :D