Date: Fri, 01 Aug 1997 11:00:50 -0700
From: Bill Trost <trost@cs.pdx.edu>
To: security@freebsd.org
Subject: Mobile IP for FreeBSD from Portland State University
Message-ID: <m0wuM0Q-0000C3C@cloud.rain.com>

Portland State University's newest release of Mobile IP for FreeBSD is now available. This release combines Mobile IP routing with IPSEC security. Mobile IP is a network protocol that allows hosts ("mobile nodes") to change their point of Internet connectivity without having to change their IP address.

ftp://ftp.cs.pdx.edu/pub/mobile/mip-July97.tar.gz contains the release. It includes kernel sources based on FreeBSD 2.2.1 and PAO-970331, including ISA and PCMCIA WaveLAN drivers, source code for Mobile IP utilities and daemons, and binaries of all the user-level programs.

Portions of the release are export controlled. They can only be downloaded by filling out a form at http://web.mit.edu/network/isakmp/isakmpform.html.

New in this release:

* IPSEC support within the Mobile IP daemons. All traffic between mobile nodes and their home agents may be encrypted, essentially creating a virtual private network. Foreign agents are not involved in the IPSEC security associations, but are tunneled over. In this release, encryption is supported only when the mobile node is at a foreign agent unless PSU's ad hoc mode is in use; in that case, encryption may be used when the mobile node is at its home agent as well as at foreign agents. Also, foreign agents may require home agents to authenticate IPIP packets they send, preventing attackers from using foreign agents to circumvent a firewall.

* Ported to FreeBSD 2.2.1.

* Interoperability fixes from the interoperathon tests sponsored by FTP Inc. shortly before the Memphis IETF meeting.

* Numerous bug fixes.

Noteworthy properties of PSU's implementation in general:

* Foreign agent switching based on WaveLAN signal strength (other link layer technologies are supported, but switching is less intelligent).

* An optional replacement for ARP called "ad hoc" mode that eliminates ARP spoofing attacks. In this mode, logical networks are defined by a shared secret key, and every host regularly broadcasts its MAC->IP address binding. This mode also permits mobile nodes to communicate with each other directly, even if no foreign or home agents can be accessed.

* Minimal kernel changes that provide basic, general-purpose mechanisms upon which Mobile IP daemons are implemented.

* Foreign agents can have mobile security associations with both mobile nodes and home agents, as described in the RFC.

* X-based user interface to monitor and control the mobile node.

* Both multicast and broadcast agent advertisements.

* ISA and PCMCIA WaveLAN drivers and applications to configure them.

* NRL's IPSEC, ported to FreeBSD, with extensions to allow IPSEC security associations to be bound to routes. This allows virtual private networks to be created by simply configuring the routing table appropriately.