Written by Keiichi SHIMA @ { KAME Project | Internet Initiative Japan }
This document is obsoleted. Please find a newer version of Howto document.
This documents decsribes the step-by-step instruction to use the KAME Mobile IPv6(KAME/MIP6) features. Since the KAME/MIP6 is still under developping, these information may be outdated at the time when you are reading this document. Please refer the latest documentation included in the KAME kit in such a case.
Currently, FreeBSD and NetBSD is proved to work as a home agent / a mobile node / a correspondent node.Other BSDs (OpenBSD and BSD/OS) is not tested yet.
The KAME/MIP6 is under developping. You should use the latest KAME snap kit always. Get the latest kit from the KAME Project website.
MIP6 features are not enabled by default. You must prepare a new kernel configuration file and rebuild your kernel that is able to speak the MIP6 protocol. Also, some user-space programs need to be rebuilt. Follow the instruction below.
To enable MIP6 features, set the following kernel options in your kernel configuration file and rebuild the kernel.
options MIP6 options MIP6_DEBUG pseudo-device hif 1
If you specify MIP6_DEBUG, the kernel will print many debuging messages. Though it may be too noisy in some cases, it is very useful when you encounter some problems.
There are 4 user-space programs related to MIP6.
Go to the directory of rtadvd (${KAME}/freebsd4/sbin/rtadvd/ for FreeBSD), add the following line to its Makefile
CFLAGS+=-DMIP6
Recompile rtadvd and install it.
$ make clean $ make $ su (become the super user) # make install
-DMIP6 enables the -m switch which supports MIP6 related features of rtadvd.
had, mip6control, mip6stat are build automatically when other user-space programs are build. They are installed to /usr/local/v6/sbin/.
The KAME/MIP6 uses KAME IPsec to protect binding update messages and tunneled home test init/home test messages. You need to set up the security associations and policies properly.
Since the parameters are too complex enough to write down by hand, there are some utilities to aid this work. You can find mip6makeconfig.sh and mip6seccontrol.sh in the kame/kame/kame/mip6control/ directory.
First of all, you must create a configuration directory that holds MIP6 related IPsec set up files.
(become the super user) # mkdir /usr/local/v6/etc/mobileip6
Next, create directories for each mobile node. For example,
# mkdir /usr/local/v6/etc/mobileip6/mobile_node_0
The name of the directory is arbitrary.
Next, create a file named config in the directory. The contents of the file is looks like as below.
mobile_node=2001:200:0:0:201:11ff:fe54:4fde home_agent=2001:200:0:0:201:11ff:fe54:5ffc spi_mn_to_ha=2000 spi_ha_to_mn=2001 algorithm=blowfish-cbc secret="THIS_IS_MY_SECRET!!!"
mobile_node is an address of a mobile node. home_agent is an address of a home agent. spi_mn_to_ha is a SPI value from the mobile node to the home agent. spi_ha_to_mn is a SPI value of the reverse direction. algorithm is a name of the algorithm used by the IPsec stack. secret is a key for the algorithm specified by the algorithm paremeter.
Next, create parameter setting files by using mip6makeconfig.sh. For example,
# mip6makeconfig.sh mobile_node_0
Where mobile_node_0 is the directory name you have created in the /usr/local/v6/etc/mobileip6. After successful execution of this program, you will find 6 files created in the per node directory. Each file contains parameters for the IPsec (actually, the parameters for the setkey program).
mip6seccontrol.sh is a utility program to set/unset IPsec parameters.
You invoke the program on your mobile node like:
# mip6seccontrol.sh -m installall
This installs the IPsec parameters for all mobile nodes stored in the /usr/local/v6/etc/mobileip6 directory.
On the home agent, you invoke the program like:
# mip6seccontrol.sh -g installall
This installs the IPsec parameters for all mobile nodes stored in the /usr/local/v6/etc/mobileip6 directory.
To become a home agent, follow the instruction below.
fxp0:\ :maxinterval#60:mininterval#40:
fxp0 is the name of the interface which is your home network. If you want quick movement detection by receiving router advertisement messages, you may require a shorter interval than usual.
Create a rtadvd.conf and place it in a proper directory. Usually, the directory is /usr/local/v6/etc.
Assigning a home agent subnet anycast address makes it possible to do DHAAD (Dynamic Home Agent Address Discovery). The anycast address is calculated as follows.
If you have 64 bits length prefix (usually you do), concatinated address of your prefix and 0xfdfffffffffffffe is the home agent subnet anycast addrss. If your prefix is not 64 bits, fill host part bits from curving proper bits from the value 0xfffffffffffffffffffffffffffffffe. For example, if your prefix is 2001:200:1:2::/64, the home agent subnet anycast address is 2001:200:1:2:fdff:ffff:ffff:fffe.
If you are using FreeBSD, a static address configuration is usually done by editing /etc/rc.conf. For example,
ipv6_ifconfig_fxp0_alias0="2001:200:1:2:fdff:ffff:ffff:fffe prefixlen 64 anycast
will assign 2001:200:1:2:fdff:ffff:ffff:fffe as a home agent subnet anycast address to the fxp0 interface at a boot time.
If you are using NetBSD, you need create a file named /etc/ifconfig.fxp0. The file should contain the following line.
inet6 2001:200:1:2:fdff:ffff:ffff:fffe prefixlen 64 anycast alias
This will assign 2001:200:1:2:fdff:ffff:ffff:fffe as a home agent subnet anycast address to the fxp0 interface at a boot time.
We provide a startup script for the KAME/MIP6.
If you are using FreeBSD4, you will find rc and rc.mobileip6 in the /kame/freebsd4/etc directory. Copy those files to the /etc directory.
If you are using NetBSD, you can use rc.net6 in the /kame/kame/kame/etc directory. Take a look in this file and cut&paste the MIP6 related part from this script to your /etc/rc.local script.
To start a home agent, add the following lines to your /etc/rc.conf.
ipv6_mobile_enable="YES" ipv6_mobile_config_dir="/usr/local/v6/etc/mobileip6" ipv6_mobile_nodetype="home_agent" ipv6_mobile_home_link="fxp0"
fxp0 is the interface name of your home network.
To make a node as a mobile node, add the following lines to your /etc/rc.conf.
ipv6_mobile_enable="YES" ipv6_mobile_config_dir="/usr/local/v6/etc/mobileip6" ipv6_mobile_nodetype="mobile_node" ipv6_mobile_home_prefixes="2001:200:1:2::/64"
Replace '2001:200:1:2::' with your home prefix.
Please mail your problems to snap-users@kame.net .