
(usagi-users 04012) Is it possible to encrypt all packets in Reverse tunnelling?



Hello all,
Is it possible to encapsulate by IPsec all packets sent between the Mobile Node and the Home Agent?
Currently I've managed to configure reverse tunnelling with IPsec but it encrypts only packets destined for the Home Agent.
Here are parts of my config files:

sa.conf:
# 2003::1 is home address of MN
# 2003::2 is address of HA
# des-cbc key should be 8 characters long
# hmac-sha1 key should be 20 characters long
flush;
# MN -> HA transport SA for BU
add 2003:0:0:0::1 2003:0:0:0::2 esp 2000
        -u 1
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;
# HA -> MN transport SA for BA
add 2003:0:0:0::2 2003:0:0:0::1 esp 2001
        -u 2
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;
# MN -> HA transport SA for MPS
add 2003:0:0:0::1 2003:0:0:0::2 esp 2002
        -u 3
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;
# HA -> MN transport SA for MPA
add 2003:0:0:0::2 2003:0:0:0::1 esp 2003
        -u 4
        -m transport
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;
# MN -> HA tunnel SA for HoTI
add 2003:0:0:0::1 2003:0:0:0::2 esp 2004
        -u 5
        -m tunnel
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;
# HA -> MN tunnel SA for HoT
add 2003:0:0:0::2 2003:0:0:0::1 esp 2005
        -u 6
        -m tunnel
        -E des-cbc "my_key_1"
        -A hmac-sha1 "this is the test key" ;

and the part of mip6d.conf responsible for IPsec:
    IPsecPolicy HomeRegBinding UseESP 1 2;
    IPsecPolicy MobPfxDisc UseESP 3;
#    IPsecPolicy TunnelMh UseESP;
#    IPsecPolicy TunnelHomeTesting UseESP;
    IPsecPolicy TunnelHomeTesting UseESP 5 6;

I've tried IPsecPolicy all UseESP but it seems not to work.

My second question is whether it is possible to send the Binding Update in IPsec tunnel mode rather than in transport mode.

Best regards,
Michal
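
An added example, not part of the original message: a small consistency check for a manually keyed setup like the one above, verifying the key lengths stated in the sa.conf comments and cross-checking the `-u` values against the numbers on the `IPsecPolicy` lines. It assumes those numbers are reqids that correspond to `-u`, as the numbering in the post suggests; the function names and the sample data are constructed for illustration.

```python
import re

KEY_BYTES = {"des-cbc": 8, "hmac-sha1": 20}  # sizes from the sa.conf comments
ADD_RE = re.compile(r'\badd\s+(\S+)\s+(\S+)\s+esp\s+(\S+)(.*?);', re.S)
OPT_RE = re.compile(r'-(u|m)\s+(\S+)|-(E|A)\s+(\S+)\s+"([^"]*)"')
POL_RE = re.compile(r'\s*IPsecPolicy\s+\S+\s+Use\w+((?:\s+\d+)*)\s*;')

def parse_sas(text):
    """One dict per setkey `add` statement; '#' comments are stripped first."""
    sas = []
    for src, dst, spi, opts in ADD_RE.findall(re.sub(r'#.*', '', text)):
        sa = {"src": src, "dst": dst, "spi": spi, "keys": []}
        for flag, val, _, algo, key in OPT_RE.findall(opts):
            if flag == "u":
                sa["reqid"] = int(val)
            elif flag == "m":
                sa["mode"] = val
            else:
                sa["keys"].append((algo, key))
        sas.append(sa)
    return sas

def bad_keys(sas):
    """(spi, algorithm, actual length) for each key of the wrong size."""
    return [(sa["spi"], algo, len(key.encode()))
            for sa in sas for algo, key in sa["keys"]
            if algo in KEY_BYTES and len(key.encode()) != KEY_BYTES[algo]]

def reqid_gaps(sas, conf):
    """(SA reqids that no IPsecPolicy names, policy reqids with no SA)."""
    used = set()
    for line in conf.splitlines():
        m = POL_RE.match(line.split("#", 1)[0])  # skip commented-out policies
        if m:
            used.update(int(n) for n in m.group(1).split())
    defined = {sa["reqid"] for sa in sas if "reqid" in sa}
    return defined - used, used - defined

SA_CONF = '''
add 2003::1 2003::2 esp 2000 -u 1 -m transport
    -E des-cbc "my_key_1" -A hmac-sha1 "this is the test key" ;
add 2003::2 2003::1 esp 2003 -u 4 -m transport
    -E des-cbc "short" -A hmac-sha1 "this is the test key" ;
'''  # constructed sample, same layout as the sa.conf excerpt above
MIP6D_CONF = '''
    IPsecPolicy HomeRegBinding UseESP 1 2;
#    IPsecPolicy TunnelMh UseESP;
    IPsecPolicy TunnelHomeTesting UseESP 5 6;
'''
```

On the constructed sample, `bad_keys` reports the 5-byte des-cbc key on SPI 2003, and `reqid_gaps` reports reqid 4 as defined but not named by any policy and reqids 2, 5 and 6 as named without a matching SA.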