
5.5.6.3 DSTM for Linux (RedHat 7.3, 8.0, 9.0)(2)

Sometimes modules such as dti.o are required but do not load when the server is launched. In that case, load them by hand with "insmod dti.o" or "modprobe" after changing to the dstmd/linux/dtmod directory.

Client Installation and Configuration

To install the DSTM client module (dstmd), run 'make' and 'make install' from the '/dstmd' directory; no further configuration is necessary.

To run dstmd, a number of command line options must be included. One has to specify the server name (or IPv6 address) and the port number that identify the server; under Linux an option to load the rpc module is also necessary.

# dstmd -rpcserver penguin.trans.ipv6-uk.net -port 6000

When using TSP one can use the following command:

# dstmd -port 3545 -tspserver 2001:688:1fa1:2::100

When also using SSL with TSP, dstmd has to be started with the additional options:

-key /etc/dstmd/cert.pem -ca /etc/dstmd/cacert.pem

Of course the filenames "cert.pem" and "cacert.pem" need to be substituted with the real certificates on the system.

Also add the following options when either file is present and should be used:

-pass /etc/dstmd/pass
-cert /etc/dstmd/accepted.pem

in the file /etc/resolv.conf on a client host. Otherwise one should at least not specify a hostname for the
rpcserver option of the dstmd client if one uses IPv4 name resolution.
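
An added example (not part of the dstmd distribution or of the original text): a shell helper that assembles the TSP-with-SSL command line described above, adds -pass and -cert only when those files exist, and refuses to proceed when the -key or -pass file is accessible to group or others. It assumes the -key file holds private key material and the -pass file a passphrase; the function names and the directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: build the dstmd TSP+SSL command line from a config directory.
# Assumption: the -key file holds private key material and the -pass file a
# passphrase, so neither may be accessible to group or others.

# owner_only FILE: succeed if group and others have no permission bits set.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# build_dstmd_cmd DIR SERVER PORT: print the command line, or return
# 1 (required file missing) or 2 (secret file too permissive).
build_dstmd_cmd() {
    dir=$1; server=$2; port=$3
    for f in "$dir/cert.pem" "$dir/cacert.pem"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    owner_only "$dir/cert.pem" ||
        { echo "too permissive: $dir/cert.pem" >&2; return 2; }

    cmd="dstmd -port $port -tspserver $server"
    cmd="$cmd -key $dir/cert.pem -ca $dir/cacert.pem"
    # -pass and -cert are optional: add each only if its file exists.
    if [ -f "$dir/pass" ]; then
        owner_only "$dir/pass" ||
            { echo "too permissive: $dir/pass" >&2; return 2; }
        cmd="$cmd -pass $dir/pass"
    fi
    if [ -f "$dir/accepted.pem" ]; then
        cmd="$cmd -cert $dir/accepted.pem"
    fi
    echo "$cmd"
}

# Demo on constructed, empty files in a scratch directory (no real keys).
demo_dir=$(mktemp -d)
: > "$demo_dir/cert.pem"; : > "$demo_dir/cacert.pem"; : > "$demo_dir/pass"
chmod 600 "$demo_dir/cert.pem" "$demo_dir/pass"
build_dstmd_cmd "$demo_dir" 2001:688:1fa1:2::100 3545
chmod 644 "$demo_dir/pass"            # simulate a world-readable passphrase
build_dstmd_cmd "$demo_dir" 2001:688:1fa1:2::100 3545 || echo "refused ($?)"
rm -rf "$demo_dir"
```

The helper only prints the command line, so it can be reviewed before dstmd is actually started.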

When the module dstm.o is required, it sometimes does not load automatically when launching the client. In those cases the module can be loaded by hand with either 'modprobe' or "insmod" (after changing to dstmd/linux/dstmmod).

Operational and Installation Issues

When installing DSTM under Linux (RedHat 7.3 or later) a number of issues were encountered. Primarily, the kernel source (of exactly the same version) is required in order to install properly, and under RedHat (and perhaps other Linux derivatives) this is not in the default location. This can be resolved by providing a command line redirect. Also, when compiling the system module, the 'make system' and 'make installsystem' commands should be run, not 'make systeminstall' as listed.

When installing DSTM on a Linux host with kernel 2.6.x, things were a little more complicated, as IPv6 was not a module, which made it necessary to patch the kernel itself and rebuild it completely. Even in this case, though, the modules dti.o or dstm.o sometimes fail to load automatically.

When installing the DSTM client (dstmd), the make install command fails due to dstmd.8 not being in /usr/local/man/man8. Under RedHat there is no /usr/local/man/man8 directory so this must be created and the dstmd.8 file copied there manually.

Also, when installing the server (rpcdstmd), the instructions specify using 'make depend', 'make' and 'make install'; we found that the 'make depend' command did nothing and so is unnecessary.

Once installation and configuration are complete, it should be possible for every DSTM client to communicate with IPv4 hosts using IPv4 applications. Moreover, if the DSTM server is used with SSL options, then the IPv4 address allocation takes place only after verifying the certificates. DSTM clients without a valid certificate are denied address allocation. This greatly increases security but also slows down the process of address allocation and hence the initialisation of IPv4 communication. It also makes things a little more complicated at the user end, as one needs to obtain the SSL certificates beforehand.

As with the FreeBSD implementation, IPv4 communication can only be initiated by a DSTM client, because the DSTM client is the one that requests the tunnel to be set up. There exists, however, a DSTM implementation, not yet tested, which permits communication to be initiated by outside (IPv4-only) hosts.

Conclusions

While the Linux version of DSTM is essentially the same as the FreeBSD one, its installation and configuration are less complicated than those of the FreeBSD version, and it should be given preference. For example, the RPC patch is not required and various configuration options are simplified under Linux.

In addition to the version evaluated here from ENST, there is a gateway/TEP mechanism available in the 6wind routers and there is now a DSTM Client for Windows XP from 6talk.net that should work with this implementation. However, while we can confirm that the 6wind gateway works with this to some extent, neither has been evaluated here.