[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 03957) Re: UMIP-0.4 MN Tunnel Setup and Binding Update Failure



Hi,

>> Tue, 2 Oct 2007 21:30:11 +0200
>> [Subject: (usagi-users 03956) Re: UMIP-0.4 MN Tunnel Setup and Binding Update Failure]
>> Alex <hhappy14@xxxxxxxxx> wrote...

> problem has been solved and MN can now send BU successfully to HA. I got
> another question, is it true that MN and HA cannot ping each other when the
> tunnel is established? In my testbed, MN and HA are both reachable from
> other IPv6 nodes and can ping other IPv6 nodes. But they cannot ping each
> other.
〜
> > IPsecPolicy called "TunnelMh" needs to be deprecated.  We will remove
> > it from the next version.
> >
> > IPsecPolicySet {
> >     HomeAgentAddress 2001:5c0:8ffe::2;
> >     HomeAddress 2001:5c0:8ffe::5/64;
> >
> >     IPsecPolicy Mh UseESP;
> >     IPsecPolicy TunnelHomeTesting UseESP;
> >                 ^^^^^^^^^^^^^^^^^
> > }

  Did you reflect Shinta-san's to your configuration?

  And Arnaud says, could you show your IPsec configuraiton?

  In my environment, ping6 between HA and MN is done each other.

  Regareds,

  The following is the example of my MN's configuration

<part of mip6d.conf>
--------------------------------------------------
IPsecPolicySet {
        HomeAgentAddress <address of HA>;
        HomeAddress <address of MN>/64;

        IPsecPolicy Mh UseESP 1 2;
        IPsecPolicy ICMP UseESP 5 6;
        IPsecPolicy TunnelHomeTesting UseESP 3 4;
}
--------------------------------------------------

<IPsec configuration>
--------------------------------------------------
# BU
add <address of MN> <address of HA> esp 0xaaaa2001 -m transport -u
 1 -E 3des-cbc "V6LC-000--12345678901234" -A hmac-sha1 "V6LC-000--1234567890";
# BA
add <address of HA> <address of MN> esp 0xaaaa2002 -m transport -u
 2 -E 3des-cbc "V6LC-000--12345678901234" -A hmac-sha1 "V6LC-000--1234567890";
# HoTI
add <address of MN> <address of HA> esp 0xaaaa2003 -m tunnel -u 3 
-E 3des-cbc "V6LC-000--12345678901234" -A hmac-sha1 "V6LC-000--1234567890";
# HoT
add <address of HA> <address of MN> esp 0xaaaa2004 -m tunnel -u 4 
-E 3des-cbc "V6LC-000--12345678901234" -A hmac-sha1 "V6LC-000--1234567890";
# MPS
add <address of MN> <address of HA> esp 0xaaaa2005 -m transport -u
 5 -E 3des-cbc "V6LC-000--12345678901234" -A hmac-sha1 "V6LC-000--1234567890";
# MPA
add <address of HA> <address of MN> esp 0xaaaa2006 -m transport -u
 6 -E 3des-cbc "V6LC-000--12345678901234" -A hmac-sha1 "V6LC-000--1234567890";
# TNRV

# TNFW
--------------------------------------------------

--
Noriaki TAKAMIYA