Hy Tat!
Why do you use the same IP address for HA.eth1 and MN.eth0?
Be happy! be root?
Paolo Cavone
paocavo@...
http://www.cavone.com
----- Original Message -----
From: "Tat" <tat.michy@...>
To: <dynamics-user@...>
Sent: Wednesday, December 11, 2002 5:23 PM
Subject: [dynamics-user] Need help; dynmnd on Win2k doesn't work
> Hi,
>
> I've tried to use dynmnd ver. 0.8.1 on Windows2000 as a
> MIP based software development test environment but it
> always fails to find FA.
>
> dynmnd on linux works fine so I think the configuration of
> FA and HA are both OK...
>
> According to debug log of FA and MN, it seems that MN on Win2k
> sends ICMP solicitation to FA and FA receive it, but FA doesn't
> accept or MN doesn't receive Adv of FA.
>
> I tried to search ML archives about this kind of issue
> but ML's link on HUT site leads to "Object Not Found...."
> so could anyone tell me how to make dynmnd works on Win2k?
>
> The configuration of PCs are as follows:
>
> FA:10.3.2.1 on eth0, 10.3.2.5 on eth1
> OS: RedHat Linux 8.0 with kernel 2.4.18
> NIC1: eth0 = Lucent base PCMCIA Wireless LAN(orinco_cs)
> NIC2: eth1 = NE2000 base PCMCIA LAN
> (Full Reverse Tunneling)
>
> HA: 10.3.1.1 on eth0, 10.3.2.10 on eth1
> OS: RedHat Linux 8.0 with kernel 2.4.18
> NIC1: eth0 = Lucent base PCMCIA Wireless LAN(orinco_cs)
> NIC2: eth1 = NE2000 base PCMCIA LAN
>
> APs: 10.3.2.100
>
> MN1: 10.3.2.10 on eth0
> OS: Vine Linux 2.15 with kernel 2.2.18(?)
> NIC: eth0 = Lucent base PCMCIA Wireless LAN (wvlan_cs)
>
> MN2: 10.3.2.10 (doesnot run with MN1 at the same time)
> OS: Windows 2000 (cygwin + WinPcap 3.0a)
> NIC: Lucent base PCMCIA Wireless LAN (same as others)
>
> dynmnd.conf with MN1 works fine. but dynmnd.conf with MN2
> doesn't work... Of cource I didn't run MN1 and MN2 at the
> same time.
>
> kernel configuration for each linux host is as shown in
> docs of Dynamics.
>
> debug logs of MN and FA and dynmnd.conf on win2k are attached..
> Do I miss something or an extra patch is needed?
> I'm happy with any kind of hints.
>
> Thank you.
>
> -------
> Tatsuhiro Nishioka
> tat.michy@...
>
>
> -- Attached file included as plaintext by Listar --
> -- File: falog.txt
>
> Using configuration file '/etc/dynfad.conf'
>
DEBUG_FLAGS[ffffffffffffffffffffeffbfffffebfffffffffffffffffffffffffffffffff
]
> FA command line parsing
> Initializing interfaces
> eth0: ifindex=8 forcing address Listening UDP on 10.3.2.1:434 dev[eth0]
> 10.3.2.1 => socket=7
> init_data: Hashes initialized
> init_data: upper_fa_addr = 10.3.2.1:434
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ** send_agent_advs: next agentadv: 1039544044.973670 diff = 30052 msec
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544045.32262 diff = 25292 msec
> Pending agent sol reply. 116038 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544044.967256 diff = 25110 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544045.6864 diff = 24140 msec
> Pending agent sol reply. 186377 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544044.996026 diff = 23942 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544045.78762 diff = 23086 msec
> Pending agent sol reply. 26571 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544044.977263 diff = 22958 msec
> Pending agent sol reply. 272 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544045.100371 diff = 23079 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544045.80575 diff = 21257 msec
> Pending agent sol reply. 25814 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544044.933947 diff = 21083 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544044.937408 diff = 19360 msec
> Pending agent sol reply. 12055 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544044.987406 diff = 19396 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544045.5840 diff = 15434 msec
> Pending agent sol reply. 114876 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544044.976036 diff = 15289 msec
> Pending agent sol reply. 44 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544045.20290 diff = 15331 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544044.955214 diff = 6984 msec
> Pending agent sol reply. 83305 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544045.47446 diff = 6993 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ** send_agent_advs: next agentadv: 1039544075.184649 diff = 30136 msec
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544075.236929 diff = 21289 msec
> Pending agent sol reply. 144620 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544075.91588 diff = 20998 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ** send_agent_advs: next agentadv: 1039544105.112519 diff = 30019 msec
> ICMP from 10.3.2.10 to 255.255.255.255, len=28
> sll_ifindex=8 sll_hatype=0x0100 sll_pkttype=1 sll_halen=6
sll_addr=00:02:2d:01:62:f3:00:00
> ** send_agent_advs: next agentadv: 1039544105.96931 diff = 18681 msec
> Pending agent sol reply. 81411 usecs
> set_expr_timer: remaining delayed solicitation reply
> ** send_agent_advs: next agentadv: 1039544105.165505 diff = 18668 msec
> Found delayed solicitation reply
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ** send_agent_advs: next agentadv: 1039544135.364852 diff = 30197 msec
> sending agent advertisement
> * IP header, len=20
> * header, len=8
> * agentadv ext, len=12
> * Dynamics ext, len=13
> * FA NAI, len=21
> * total len: 74
> ** send_agent_advs: next agentadv: 1039544165.479995 diff = 30115 msec
> clean_up(2)
> Removing bindings..
> Removing tunnels..
> Removing delayed tunnel deletions..
> Removing dynamic FA information..
> Removing dynamic next lower FA information..
>
> -- Attached file included as plaintext by Listar --
> -- File: mnlog.txt
>
> Using configuration file './dynmnd.conf'
>
DEBUG_FLAGS[ffffffffffffffffffffeffbfffffebfffffffffffffffffffffffffffffffff
]
> Load config
> Register MN default FA_GET handler
> init_handler_lists: begin
> init_handler_lists: end
> handler_register: "Get best FA" Event handler registered
> Register MN default INTERFACE_INIT handler
> handler_register: "Initialize interface" Event handler registered
> Register MN default INTERFACE_DOWN handler
> handler_register: "Interface down" Event handler registered
> init - rtnetlink socket opening failed
> Init tunneling
> dyn_ip_route_save_default - default route saved
> NextHop=192.168.1.254, ifIndex=16777219
> setting forced gateway 10.3.1.1
> MN initialized to connected state,
> SPI: 1000, HA: 10.3.1.1,
> HomeAddr: 10.3.2.10, CurrentAddr: 10.3.2.10
> check_interfaces: new interface
> modify_new_interface (start): device_count 0
> modify_interface: interface up
> mn_default_INTERFACE_INIT_handler
> Opening ICMP socket for interface \ (index=16777219).
> ICMP adv socket as a UDP kludge
> sockets: sol=7 adv=6
> index = 16777219
> open_query_socket: bind failed: No such file or directory
> mn_get_device_priority: socket: No such file or directory interface
priority = 100
> sending agent solicitation
> handler_call_all: 1 "Initialize interface" Event handlers called
> modify_new_interface (end): device_count 1
> find_agent(0)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> Too frequent agent solicitations (dev=\) - skipping
> find_agent - TIMER_GEN: set now+1 sec
> State: Find agent
> init_pcap_for_advs: using device '\'
> init_pcap_for_advs: child starting to capture packets
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+1 sec
> State: Find agent
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+1 sec
> State: Find agent
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+2 sec
> State: Find agent
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+4 sec
> State: Find agent
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+8 sec
> State: Find agent
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+16 sec
> State: Find agent
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+32 sec
> State: Find agent
> Timeout
> disabling TIMER_GEN
> find_agent(1)
> handler_call_all: 1 "Get best FA" Event handlers called
> update_fa_decision: Can't find FA!
> sending agent solicitation
> find_agent - TIMER_GEN: set now+64 sec
> State: Find agent
> cleaning up..
> Terminating pcap capturer
> reply_waiting_api: no waiting call
> Close tunneling
> reply_waiting_api: no waiting call
> clean_up: 0 "FA Advertisement receive" handler(s) removed
> clean_up: 0 "FA Advertisement expire" handler(s) removed
> handler_unregister: "Get best FA" Event handler unregistered
> clean_up: 1 "Get best FA" handler(s) removed
> handler_unregister: "Initialize interface" Event handler unregistered
> clean_up: 1 "Initialize interface" handler(s) removed
> handler_unregister: "Interface down" Event handler unregistered
> clean_up: 1 "Interface down" handler(s) removed
> cleaned up
>
> -- Attached file included as plaintext by Listar --
> -- File: dynmnd.conf
>
> # $Id: dynmnd.conf,v 1.56 2001/10/20 13:36:07 jm Exp $
> # Mobile Node configuration file
> #
> # Dynamic hierarchial IP tunnel
> # Copyright (C) 1998-2001, Dynamics group
> #
> # This program is free software; you can redistribute it and/or modify
> # it under the terms of the GNU General Public License version 2 as
> # published by the Free Software Foundation. See README and COPYING for
> # more details.
> #
> #######################################################################
> #
> # NOTE!
> # This is an example configuration file designed to give
> # perspective to the system configuration AND to provide
> # a basis for a working simple test environment.
> # The values of some of the parameters may not be the
> # same as the daemon's defaults, so don't get confused.
> #
> # To get a minimal test working, you will need to check the
> # following items:
> # * MNHomeIPAddress
> # * HAIPAddress
> # * EnableFADecapsulation
> # * HomeNetPrefix (if using FA decapsulation or
> # dynamics HA address resolution)
> # * SPI and SharedSecret
> # The rest of the items should work with their preset values in
> # most cases and they can be used to fine tune the operations
> # after the basic operation have been tested successfully.
> #
> #######################################################################
> #
> # The Mobile Nodes's IP address in the Home Network.
> # If using AAA (see UseAAA below), home address can be set to 0.0.0.0 in
order
> # to request a home address from the AAA infrastructure. This requires
that
> # also MN NAI is configured.
> MNHomeIPAddress 10.3.2.10
>
> # The Mobile Node's Network Access Identifier (NAI) [RFC2794]
> # If configured, this NAI is used in registration requests to identify the
> # mobile user for AAA services.
> #
> # MNNetworkAccessIdentifier "user@..."
>
> # UseAAA < TRUE | FALSE >. TRUE enables AAA extensions (key requests using
> # material from AAA, HA and home address discovery using AAA, etc.). This
> # requires that MN NAI and AAA related items below are configured.
> # FALSE disables these extensions.
> UseAAA FALSE
>
> # The IP address of Mobile Node's Home Agent. In case of a private HA
address
> # this is the address of the surrogate HA. If the HA address is unknown,
set
> # this to 0.0.0.0 and make sure that HomeNetPrefix is correct for dynamic
> # HA address resolution or use AAA to discover HA address. If the HA has
> # multiple interfaces, this should be the address of the "public"
interface,
> # i.e., the one toward default gateway (it has to be reachable from the
foreign
> # networks).
> HAIPAddress 10.3.1.1
>
> # If the HA has more than one interfaces, HAIPAddress should be configured
to
> # be the one reachable from the Internet (i.e., from the foreign networks
the
> # MN may visit). To allows MN to detect other HA's interfaces, their IP
> # addresses may be configured here. MN will use this list in addition to
> # HAIPAddress when determining whether an agent advertisement is from its
own
> # HA (i.e., when MN is at home). Multiple lines containing different
addresses
> # may be used to configure more than one alternative HA address.
> # AlternativeHAIPAddress 10.1.2.3
> # AlternativeHAIPAddress 10.2.3.4
>
> # AllowHomeAddrFromForeignNet < TRUE | FALSE >. TRUE allows AAA to assign
> # a home agent and home address from the foreign network (assuming they
are
> # set to 0.0.0.0 above). FALSE means that both the home agent and the home
> # address must be from the home domain.
> AllowHomeAddrFromForeignNet FALSE
>
> # The following configuration options PrivateHAIPAddress,
PrivateHAIdentifier,
> # and HANetworkAccessIdentifier are only used with home networks that use
> # private IP addresses and a surrogate HA. In other cases they should be
left
> # commented.
>
> # The private IP address of Mobile Node's Home Agent.
> # Needed only, if surrogate HA is used.
> # PrivateHAIPAddress 192.168.200.200
>
> # The identifier for the private HA in SHA (unique 32-bit number)
> # PrivateHAIdentifier 1
>
> # Home Agent Network Access Identifier (NAI)
> # If configured, this NAI is used to match the HA agent advertisements
when
> # a MN is determining whether it is at home or not. This is mainly used
with
> # private HA address that may not be globally unique.
> #
> HANetworkAccessIdentifier "HN_MIP_CNDS"
>
> # EnableFADecapsulation < TRUE | FALSE >. TRUE enables a mode where
> # the FA decapsulates the IP-within-IP encapsulated IP packets.
> # FALSE disables this mode and sets the default mode where the
> # MN decapsulates the IP-within-IP encapsulated IP packets.
> # With FA decapsulation the MN uses its home address in the interface even
in
> # the foreign network and with MN decapsulation MN needs to acquire a
> # co-located care-of address from the visited network (this needs an
external
> # program; see man pages for more information).
> # The two modes cannot be used simultaneously.
> EnableFADecapsulation TRUE
>
> # Network address of home network (CIDR format: a.b.c.d/prefix_length)
> # This is used with FA decapsulation and dynamics HA address resolution.
If
> # commented, the routing entry is not removed nor added. The home net
entry
> # may optionally be used with MN decapsulation - see MNDecapsRouteHandling
> # option below.
> #
> # Example: 192.168.242.0/24
> HomeNetPrefix 10.3.1.0/24
>
> # Home net default gateway
> # This entry can be used to force a gateway that the MN uses when it is
> # at home. If this is left commented, the MN tries to use the default
route
> # that was in use when the program was started.
> #
> HomeNetGateway 10.3.1.1
>
>
############################################################################
#
> # a SPI (Security Parameter Index) must be defined for every MN.
> # It is used for indexing the security association at the Home Agent.
> SPI 1000
> #
> # The SharedSecret is provided as a HEX number string. The shared secret
can
> # also be given as a character string
> # (e.g. character string "ABCDE" corresponds to HEX number string
4142434445).
> # Note: RFC 2002 specifies that the default key size is 128 bits (i.e.
> # 16 bytes or 32 hex 'characters'). Dynamics supports also other key
lengths.
> # This shared secret is used with the HA. This must be commented out when
using
> # AAA infrastructure for key generation. In this case, the AAA related
items
> # below must be configured.
> # SharedSecret < shared secret >
> # SharedSecret 016A352B2F235E
> SharedSecret "MN2HA"
> #
> # Authentication algorithm
> # 1: MD5/prefix+suffix (a.k.a. keyed-MD5) [RFC 2002]
> # 4: HMAC-MD5 [RFC 2104]
> # 5: SHA-1 [FIPS 180-1]
> # 6: HMAC-SHA1 [RFC 2104]
> # Note! MD5/prefix+suffix has known weaknesses and use of HMAC-MD5 is
> # recommented. MD5/prefix+suffix algorithm is for backwards compatability
with
> # older versions that do not support more secure HMAC-MD5.
> AuthenticationAlgorithm 4
> #
> # Replay prevention method:
> # 0: none
> # 1: time stamps
> # 2: nonces
> ReplayMethod 1
> #
> # Mobile Node may have optional security associations with Foreign
> # Agents. If the security association exists an additional Mobile Node -
> # Foreign Agent Authentication Extension is added to the registration
requests.
> #
> # The following list contains the shared secrets indexed by SPI (and
> # Foreign Agent IP address). The algorithm field specifies the method
> # used for key distribution (see the list above). The format of the share
> # secret field is identical to the one used with the MN-HA security
> # association list above.
> #
> FA_SECURITY_BEGIN
> # SPI FA IP Alg. Shared Secret
> 2001 10.3.2.1 4 "MN2FA"
> FA_SECURITY_END
>
>
> # MN-AAA Authentication and Challenge/Response [RFC3012]
>
> # If the MN does not have a security association with an FA, it may use
AAA
> # infrastructure for authentication. If this is used, also MN NAI
> # ('MNNetworkAccessIdentifier' above) should be configured.
>
> # SPI to be used in MN-AAA authentication.
> # Reserved SPI values:
> # 2 = CHAP_SPI, CHAP style authentication using MD5 [RFC 3012]
> # 3 = MD5/prefix+suffix [draft-ietf-mobileip-aaa-key-03.txt]
> # 4 = HMAC MD5 [draft-ietf-mobileip-aaa-key-03.txt]
> # MN-AAA-SPI 12345
>
> # Shared secret for MN-AAA authentication (see 'SharedSecret' above for
format
> # instructions)
> # MN-AAA-SharedSecret "test"
>
> # Algorithms to be used for MN-AAA authentication and key generation
> # 1 = MD5/prefix+suffix (RFC 2002)
> # 2 = RADIUS authentication (Sec. 8 of RFC 3012)
> # 3 = MD5/prefix+suffix (RFC 2002) (alias for 1 above)
> # 4 = HMAC-MD5 (Sec. 6 of RFC 3012; RFC 2104)
> # 5 = SHA-1 (FIPS 180-1)
> # 6 = HMAC-SHA1 (RFC 2104)
> # Note: with algorithm 2, 'MN-AAA-SPI' should be set to reserved number
> # CHAP_SPI (default: 2).
> # MN-AAA-AuthenticationAlgorithm 4
> # MN-AAA-KeyGenerationAlgorithm 4
>
>
>
############################################################################
#
> # TunnelingMode < 1 | 2 | 3 | 4 >
> # The packets between the MN and a Correspondent Node (CN) can be routed
using
> # different routes. This option can be used to select, which mode will be
> # selected.
> # Possible values:
> # 1 = automatic, prefer reverse tunnel (i.e. bi-directional tunnel)
> # 2 = automatic, prefer triangle tunnel (i.e. tunnel only in CN->MN
direction)
> # 3 = accept only reverse tunnel
> # 4 = accept only triangle tunnel
> TunnelingMode 3
>
> # When MN can get its own co-located care-of address and use reverse
tunneling,
> # the normal method is to set the default route to the tunnel. This means
that
> # all the packets destined to other networks than the current subnet in
the
> # visited network are send via the HA. If the co-located COA is public, it
can
> # be used for sessions that do not need constant IP address (e.g. most of
the
> # web browsing). The following configuration option specifies the routing
> # operation that is used with the co-located COA.
> # Possible values:
> # 0 = set default route to the tunnel
> # 1 = set only the home net route to the tunnel (the above HomeNetPrefix
> # options must be set)
> # 2 = do not change the routing entries (i.e. some external means must
be
> # used to direct traffic to the tunnel, e.g. manually adding host
route
> # to a specific host)
> MNDecapsRouteHandling 0
>
> # DefaultTunnelLifetime is the lifetime suggested in registration
> # The lifetime is defined in seconds, default value is 300.
> # The request timer will be set according to this value. If the FA's agent
> # advertisment has a smaller time, it is used instead.
> # Special case: 65535 (or more) seconds means unlimited time (the binding
will
> # not expire)
> # MNDefaultTunnelLifetime [ seconds ]
> MNDefaultTunnelLifetime 300
>
> # UDP port to be used for sending registration requests
> # Port 434 is allocated for Mobile IP signaling and this should not be
changed
> # unless the network is known to use some other port (i.e. all the FAs and
HAs
> # must have the same port configured).
> UDPPort 434
>
> # Socket priority for signaling sockets (UDP) can be set with SO_PRIORITY
to
> # allow easier QoS configuration. If this argument is set, the given value
is
> # used as a priority for the signaling socket. E.g. CBQ class can be used
to
> # make sure that signaling is not disturbed by other traffic on a
congested
> # link.
> # This feature is still undocumented and can be left commented.
> #
> # SocketPriority 1
>
> # The log messages are written through syslog service. The facility to be
> # used defaults to LOG_LOCAL0, but it can be set with this parameter
> # to any of the possible facilities (LOG_AUTHPRIV, LOG_DAEMON, and so on).
> # The processing of log messages is defined in /etc/syslog.conf file.
> SyslogFacility LOG_DAEMON
>
> # Ignore these interfaces. No agent advertisements are received nor
> # agent solicitations sent for these interfaces.
> IGNORE_INTERFACES_BEGIN
> lo
> dummy0
> tunl0
> gre0
> IGNORE_INTERFACES_END
>
> # Other programs may set routing entries so that the data connection may
> # fail. The MN can try to enforce the routes that it believes should be
used.
> # This operation should currently be used only with FA decapsulation. If
the
> # route enforcement is activated the MN daemon prevents certain route
changes.
> EnforceRoutes FALSE
>
> # MN can be instructed to poll for current AP address when using a
wireless
> # LAN driver that supports wireless extensions. This can be used to speed
up
> # handoffs when using managed mode (BSS).
> # Polling interval is configured in micro seconds
> # (i.e., 1000000 equals to 1 second)
> # -1 = AP polling disabled
> APPollingInterval -1
>
> # MN can be instructed to send periodic agent solicitations to find new
FAs.
> # Normally, MN uses agent solicitations when it does not have a valid
agent
> # advertisement. Periodic solicitation occurs even if the connection seems
to
> # be up. This will cause more broadcast messages and is thus disabled in
the
> # default configuration, but it can speed up handoffs in some
environments.
> # Solicitation interval is configured in micro seconds (usec)
> # (i.e., 1000000 usec equals to 1 second). A rnadom time between 0 and 0.5
> # second will be added to solicitation intervals to prevent unwanted
> # synchronization of broadcast messages. In addition, solicitations will
not be
> # send more often than once per second, so this interval should not be
> # configured to be less than 1000000 usec.
> # -1 = Periodic agent solicitation disabled
> SolicitationInterval -1
>
>
############################################################################
#
> # Mobile Nodes use unix domain sockets to communicate through their API
> # interfaces.
> # The group and owner must be names as strings, no groupIDs or userIDs are
> # allowed. The file permissions are set in octal values like in chmod(1).
> # The configuration parameters of the two API sockets are as follows:
> MNAPIReadSocketPath "/var/run/dynamics_mn_read"
> MNAPIReadSocketGroup "root"
> MNAPIReadSocketOwner "root"
> MNAPIReadSocketPermissions 0666
> #
> MNAPIAdminSocketPath "/var/run/dynamics_mn_admin"
> MNAPIAdminSocketGroup "root"
> MNAPIAdminSocketOwner "root"
> MNAPIAdminSocketPermissions 0700
> #
> # Every configuration file must end to the keyword 'END'.
> END
>
> --------------------------------------------
> Dynamics - HUT Mobile IP user List
> http://www.cs.hut.fi/Research/Dynamics/
>
>
--------------------------------------------
Dynamics - HUT Mobile IP user List
http://www.cs.hut.fi/Research/Dynamics/
|