(usagi-users 04012) Is it possible to encrypt all packets in Reverse tunnelling?
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 04012) Is it possible to encrypt all packets in Reverse tunnelling?
- From: "Michal Franczak" <misieq.franciszek@xxxxxxxxx>
- Date: Tue, 25 Dec 2007 13:53:25 +0100
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Resent-date: Wed, 26 Dec 2007 12:45:00 +0900
- Resent-from: nakam@xxxxxxxxxxxxxx
- Resent-message-id: <200712261245.FMLAAB23029.usagi-users@linux-ipv6.org>
- Resent-to: usagi-users@xxxxxxxxxxxxxx (moderated)
Hello all,
Is it possible to encapsulate by IPsec all packets sent between the Mobile Node and the Home Agent?
Currently I've managed to configure reverse tunnelling with IPsec but it encrypts only packets destined for the Home Agent.
Here are parts of my config files:

sa.conf:

    # 2003::1 is home address of MN
    # 2003::2 is address of HA
    # des-cbc key should be 8 characters long
    # hmac-sha1 key should be 20 characters long
    flush;

    # MN -> HA transport SA for BU
    add 2003:0:0:0::1 2003:0:0:0::2 esp 2000
        -u 1
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;

    # HA -> MN transport SA for BA
    add 2003:0:0:0::2 2003:0:0:0::1 esp 2001
        -u 2
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;

    # MN -> HA transport SA for MPS
    add 2003:0:0:0::1 2003:0:0:0::2 esp 2002
        -u 3
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;

    # HA -> MN transport SA for MPA
    add 2003:0:0:0::2 2003:0:0:0::1 esp 2003
        -u 4
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;

    # MN -> HA tunnel SA for HoTI
    add 2003:0:0:0::1 2003:0:0:0::2 esp 2004
        -u 5
        -m tunnel
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;

    # HA -> MN tunnel SA for HoT
    add 2003:0:0:0::2 2003:0:0:0::1 esp 2005
        -u 6
        -m tunnel
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;

and the part of mip6d.conf responsible for IPsec:

    IPsecPolicy HomeRegBinding UseESP 1 2;
    IPsecPolicy MobPfxDisc UseESP 3;
    # IPsecPolicy TunnelMh UseESP;
    # IPsecPolicy TunnelHomeTesting UseESP;
    IPsecPolicy TunnelHomeTesting UseESP 5 6;

I've tried IPsecPolicy all UseESP but it seems not to work.
My second question is whether it is possible to send the Binding Update in IPsec tunnel mode rather than in transport mode.
Best Regards Michal
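
An added example, not part of the original message: a small Python audit of the two fragments above. It checks each SA's key length against the sizes given in the sa.conf comments, lists which ids belong to tunnel-mode SAs, and cross-checks the `-u` ids against the numbers on the active `IPsecPolicy` lines. It assumes those numbers are the same ids that sa.conf sets with `-u`; `parse_sas`, `audit` and `key_len` are names made up for this example.

```python
import re
import shlex

KEY_BYTES = {"des-cbc": 8, "hmac-sha1": 20}  # sizes stated in the sa.conf comments
# The message's six SAs joined onto one line each, and its mip6d.conf policy lines.
SA_CONF = '''add 2003:0:0:0::1 2003:0:0:0::2 esp 2000 -u 1 -m transport -E des-cbc "my_key_1" -A hmac-sha1 "this is the test key" ;
add 2003:0:0:0::2 2003:0:0:0::1 esp 2001 -u 2 -m transport -E des-cbc "my_key_1" -A hmac-sha1 "this is the test key" ;
add 2003:0:0:0::1 2003:0:0:0::2 esp 2002 -u 3 -m transport -E des-cbc "my_key_1" -A hmac-sha1 "this is the test key" ;
add 2003:0:0:0::2 2003:0:0:0::1 esp 2003 -u 4 -m transport -E des-cbc "my_key_1" -A hmac-sha1 "this is the test key" ;
add 2003:0:0:0::1 2003:0:0:0::2 esp 2004 -u 5 -m tunnel -E des-cbc "my_key_1" -A hmac-sha1 "this is the test key" ;
add 2003:0:0:0::2 2003:0:0:0::1 esp 2005 -u 6 -m tunnel -E des-cbc "my_key_1" -A hmac-sha1 "this is the test key" ;'''
MIP6D_CONF = '''IPsecPolicy HomeRegBinding UseESP 1 2;
IPsecPolicy MobPfxDisc UseESP 3;
# IPsecPolicy TunnelMh UseESP;
# IPsecPolicy TunnelHomeTesting UseESP;
IPsecPolicy TunnelHomeTesting UseESP 5 6;'''

def key_len(key):
    """Key size in bytes; setkey takes a quoted string or 0x-prefixed hex."""
    return len(key[2:]) // 2 if key.lower().startswith("0x") else len(key.encode())

def parse_sas(text):
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    sas = []
    for stmt in "\n".join(lines).split(";"):  # assumes no ';' inside a key
        tok = shlex.split(stmt)
        if len(tok) < 5 or tok[0] != "add":
            continue  # skips 'flush' and empty statements
        sa = {"spi": tok[4], "bad_keys": []}
        for i, opt in enumerate(tok):
            if opt in ("-u", "-m") and i + 1 < len(tok):
                sa[opt] = tok[i + 1]
            elif opt in ("-E", "-A") and i + 2 < len(tok):
                algo, n = tok[i + 1], key_len(tok[i + 2])
                if KEY_BYTES.get(algo, n) != n:
                    sa["bad_keys"].append((algo, n))
        sas.append(sa)
    return sas

def audit(sa_text, mip_text):
    """Report key-size errors and mismatches between -u ids and policy ids."""
    sas = parse_sas(sa_text)
    defined = {int(sa["-u"]) for sa in sas if "-u" in sa}
    pat = r"^[ \t]*IPsecPolicy[ \t]+\w+[ \t]+UseESP([ \t\d]*);"  # '#' lines never match
    used = {int(n) for m in re.finditer(pat, mip_text, re.M) for n in m.group(1).split()}
    return {
        "bad_keys": [(sa["spi"], *b) for sa in sas for b in sa["bad_keys"]],
        "tunnel_ids": sorted(int(sa["-u"]) for sa in sas if sa.get("-m") == "tunnel"),
        "unreferenced_ids": sorted(defined - used),
        "undefined_ids": sorted(used - defined),
    }
```

Calling `audit(SA_CONF, MIP6D_CONF)` on the fragments as posted reports no key-size errors, tunnel-mode SAs only for ids 5 and 6, and id 4 defined in sa.conf but not named on any active policy line.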