/etc/inet/mipagent.conf
/etc/inet/mipagent.conf is the configuration file used to initialize the Mobile IP mobility agent described in mipagent(1M). Three sample configuration files are located in the /etc/inet directory:
/etc/inet/mipagent.conf-sample
/etc/inet/mipagent.conf.ha-sample
/etc/inet/mipagent.conf.fa-sample
Blank lines are ignored. Lines beginning with the hash character (#) are treated as comments. Sections are denoted by identifiers in brackets. Each section can contain multiple attribute-value pairs. The syntax of an attribute-value pair is an identifier, followed by an equal sign (=), followed by a value.
The following sections and attribute-value pairs must be present in /etc/inet/mipagent.conf:
The General section contains the Version attribute.
Version is required. For the current release of Mobile IP in Solaris, Version must be 1. Consequently, the default value is 1.
The Advertisements section identifies the interfaces that will serve as Mobile IP mobility agents; the section header names the interface, as in [ Advertisements le0 ]. One or more of the following attribute-value pairs may be found in this section:
AdvLifeTime: Lifetime (in seconds) advertised in the ICMP router discovery portion of an agent advertisement. See RFC 1256. The default value is 300.
RegLifetime: Lifetime (in seconds) advertised in the mobility extension of an agent advertisement. The default value is 300.
AdvFrequency: The frequency at which agent advertisements are sent and when different entries are aged. This interval must be less than one-third of AdvLifeTime. The default value is 4.
HomeAgent: Indicates if this agent can act as a home agent. The default value is yes.
ForeignAgent: Indicates if this agent can act as a foreign agent. The default value is yes.
PrefixFlags: Enables the prefix length extension. The default value is yes.
Enables the Network Access Identifier (NAI) extension. The default value is yes.
Enables the foreign agent challenge extension. The default value is no.
ReverseTunnel: Indicates if this interface supports reverse tunneling as specified in RFC 2344. ReverseTunnel can contain one of the following values:
Indicates this interface does not support reverse tunneling.
Indicates only the foreign agent supports reverse tunneling.
Indicates only the home agent supports reverse tunneling.
Indicates that both foreign and home agents support reverse tunneling as specified in RFC 2344.
The default value for ReverseTunnel is no.
ReverseTunnelRequired: Indicates if this interface will require reverse tunneling as specified in RFC 2344. ReverseTunnelRequired can contain one of the following values:
Indicates this interface will not require reverse tunneling.
Indicates only the foreign agent will require a reverse tunnel.
Indicates only the home agent will require a reverse tunnel.
Indicates that both foreign and home agents will require a reverse tunnel.
The default value for ReverseTunnelRequired is no.
The GlobalSecurityParameters section defines the global security parameters that will be used to authenticate mobile nodes. MN-HA authentication is always enabled. This section may contain one or more of the following attribute-value pairs:
HA-FAAuth: Enables home agent - foreign agent authentication. The default value is yes.
MN-FAAuth: Enables mobile node - foreign agent authentication. The default value is no.
The maximum allowable difference in clocks, in seconds, that will be tolerated. This is used for replay protection. The default value is 300.
KeyDistribution: This attribute defines where keys are found. The default for this version of Solaris Mobile IP software is files.
The SPI sections define multiple Security Parameter Indices (SPIs). One section is required for each security context. These SPI values are used in the Address section to define the security used for a particular mobile node or agent. In this section, both the Key and ReplayMethod attributes must be present.
Key: The hexadecimal representation of the key used for authentication.
ReplayMethod: The replay method. Possible values are timestamps or none.
The Pool sections define address pools for dynamically assigned IP addresses. The Start and Length attributes both must be present.
Start: The beginning range of the IP address from which to allocate an IP address in dotted quad notation.
Length: The length of the IP address range.
The Address section defines the security policy used for each host for which an NAI or IP address is specified in the section header. The keyword node-default is used to create a single entry that can be used by any mobile node that has the correct SPI and associated keying information. This section specifies the SPI, and in the case of mobile nodes, pool numbers for NAI addresses.
Type: Indicates whether the address entry specifies a mobile node or a mobility agent.
SPI: The SPI used for this Address.
Pool: The Pool used for this NAI address. The Pool keyword may only be present if the Type operand is set to mobile node.
The following example shows the configuration file for a mobility agent that provides mobility services on one interface (le0). The mobility agent acts both as a home agent as well as a foreign agent on that interface. It includes the prefix length in its advertisements. Its home and foreign agent functions support reverse tunneling, but only the foreign agent requires that a reverse tunnel be configured. The mobility agent provides home agent services to three mobile nodes: 192.168.10.17, 192.168.10.18, and the NAI address user@defaultdomain.com.
With the first mobile node, the agent uses an SPI of 257 (decimal) and a shared secret key that is six bytes long containing alternate bytes that are 0 and 255 (decimal). For the second mobile node, the SPI is 541 (decimal), the key is 10 bytes, and it contains the decimal values 11 through 20 in those bytes. The first mobile node uses no replay protection, and the second uses timestamps. The third mobile node uses NAI and gets its address from Pool 1.
The mobile node will also need to be configured with the same security association that is specified in the home agent's configuration file.
```
# start of file
[ General ]
    Version = 1

[ Advertisements le0 ]
    AdvLifeTime = 200
    RegLifetime = 200
    AdvFrequency = 5
    AdvertiseOnBcast = yes
    HomeAgent = yes
    ForeignAgent = yes
    PrefixFlags = yes
    ReverseTunnel = both
    ReverseTunnelRequired = FA

[ GlobalSecurityParameters ]
    HA-FAAuth = no
    MN-FAAuth = no
    KeyDistribution = files

[ SPI 257 ]
    Key = 00ff00ff00ff
    ReplayMethod = none

[ SPI 541 ]
    Key = 0b0c0d0e0f1011121314
    ReplayMethod = timestamps

[ Pool 1 ]
    Start = 192.168.167.1
    Length = 250

[ Address 192.168.10.17 ]
    Type = node
    SPI = 257

[ Address 192.168.10.18 ]
    Type = node
    SPI = 541

[ Address user@defaultdomain.com ]
    Type = node
    SPI = 541
    Pool = 1

[ Address node-default ]
    Type = node
    SPI = 541
    Pool = 1
#end of file
```
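The following added example (not part of the original manual page or of the Solaris software) parses the file syntax described above and audits the SPI and Address sections for the settings that weaken authentication: ReplayMethod = none, short keys, Address entries that point at an undefined SPI, and a node-default entry. The `parse` and `audit` names, the 16-byte key threshold and the 192.168.10.19 entry are assumptions of this example.

```python
import re

# Constructed sample adapted from the page's example; Address 192.168.10.19 is invented.
SAMPLE = """\
[ SPI 257 ]
Key = 00ff00ff00ff
ReplayMethod = none
[ SPI 541 ]
Key = 0b0c0d0e0f1011121314
ReplayMethod = timestamps
[ Address 192.168.10.19 ]
Type = node
SPI = 600
[ Address node-default ]
Type = node
SPI = 541
"""

def parse(text):
    """Parse sections into {(name, label): {attribute: value}} per the page's syntax."""
    conf, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        m = re.fullmatch(r"\[\s*(\S+)\s*(.*?)\s*\]", line)
        if m:
            cur = conf.setdefault((m.group(1), m.group(2)), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return conf

def audit(conf, min_key_bytes=16):  # min_key_bytes is this example's assumption
    """Return findings for weak or inconsistent security associations."""
    spis = {label for (name, label) in conf if name == "SPI"}
    out = []
    for (name, label), a in conf.items():
        if name == "SPI":
            if a.get("ReplayMethod") == "none":
                out.append(f"SPI {label}: ReplayMethod is none")
            if len(a.get("Key", "")) // 2 < min_key_bytes:
                out.append(f"SPI {label}: key shorter than {min_key_bytes} bytes")
        elif name == "Address":
            if a.get("SPI") not in spis:
                out.append(f"Address {label}: SPI {a.get('SPI')} is undefined")
            if label == "node-default":
                out.append(f"node-default: usable by any node holding SPI {a.get('SPI')}")
    return out
```

Calling `audit(parse(SAMPLE))` returns five findings for the constructed sample; pass the text of a real /etc/inet/mipagent.conf to `parse` to audit it.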
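/etc/inet/mipagent.conf: Configuration file for Mobile IP mobility agent.
/etc/inet/mipagent.conf-sample: Sample configuration file for mobility agents.
/etc/inet/mipagent.conf.ha-sample: Sample configuration file for home agent functionality.
/etc/inet/mipagent.conf.fa-sample: Sample configuration file for foreign agent functionality.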
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWmipr |
mipagent(1M), mipagentconfig(1M), attributes(5)
Deering, S., editor. RFC 1256, ICMP Router Discovery Messages. Network Working Group. September 1991.
Montenegro, G., editor. RFC 2344, Reverse Tunneling For Mobile IP. Network Working Group. May 1998.
Perkins, C., editor. RFC 2002, IP Mobility Support. Network Working Group. October 1996.
The base Mobile IP protocol (RFC 2002) does not address the problem of scalable key distribution and treats key distribution as an orthogonal issue. The Solaris Mobile IP software utilizes manually configured keys only, specified in a configuration file.