
5.5.6.3 Availability DSTM for Linux (RedHat 7.3, 8.0, 9.0)(1)

Availability

DSTM (currently version 2.1) for Linux is available from ENST and is virtually identical to the FreeBSD version available from the same source. The Server and TEP components must be co-located to work under this implementation, and the client must be installed on any host that requires DSTM; the components communicate via RPCv6. The mechanism is available from the link below.

http://www.ipv6.rennes.enst-bretagne.fr/dstm/

Initial Installation and Configuration

To install DSTM, the files must first be unzipped/untarred into an appropriate directory and the system modules compiled and installed. Regardless of the module required, the same basic configuration steps must be taken. First, the system module must be compiled using the ‘make system’ and ‘make installsystem’ commands. In most cases no kernel rebuild is needed, but the modules work only on a 2.4.* kernel where ipv6 is a module. Otherwise, for new kernel versions, see ‘linux/00README’ and the module ipv6f; sometimes a kernel rebuild will be needed after applying the given kernel patch.

Also, for the new kernels the module handling (insmod etc.) has changed and hence must be updated. The RPCv6 patch is not required even when using RPC. When using TSP + SSL one needs certificates; when only using TSP, certificates are not needed.

Server/TEP Installation and Configuration

Installing the Server/TEP module (rpcdstmd) is done by moving to the ‘/dstmd/server’ directory and running the ‘make’ and ‘make install’ commands.

The server is configured via the rpcdstmd.conf file that takes the following format:

There is some minor additional setup to be done at this point before the server can be started. First, IPv4 forwarding must be enabled:

# sysctl -w net.ipv4.ip_forward=1

Also, a lease file must be created:

# touch /var/db/rpcdstmd.lease

The needed modules are now loaded automatically and tunnels are created if needed, so there is no need for the “-load” or “-create” options when running the server.

When running the server with RPC support one can execute:

# /usr/src/sbin/dstmd/server/rpcdstmd -notsp -rpcport 6000

To start the server with TSP support the command is the following:

# /usr/src/sbin/dstmd/server/rpcdstmd -tspport 6000

When using both SSL and TSP, the program rpcdstmd has to be started with the following additional options:

-key /etc/dstmd/cert.pem -ca /etc/dstmd/cacert.pem

Of course, the filenames “cert.pem” and “cacert.pem” need to be substituted with the real certificates on the system.

Also add the options:

-pass /etc/dstmd/pass
-cert /etc/dstmd/accepted.pem

if either file exists and should be used.
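
A pre-flight check for the TSP + SSL start-up described above, as an added example that is not part of the DSTM distribution or the original page: it verifies forwarding, the lease file and the certificate files, then prints the option string. The function names are hypothetical, the file names are the page's placeholders, and the permission check assumes the -key and -pass files hold secrets, which the page does not state.

```bash
#!/bin/bash
# Added example, not part of the DSTM distribution.

# True if IPv4 forwarding is on. $1 overrides the sysctl file (for testing).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# True if $1 is a regular file with no group/other permission bits.
# Assumption: the -key and -pass files hold secrets (the page does not say).
is_private_file() {
    [ -f "$1" ] || return 1
    pf_mode=$(stat -c '%a' "$1") || return 1   # GNU stat, octal mode such as 600
    case "$pf_mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Prints the rpcdstmd options for TSP + SSL, or lists the problems on stderr.
# $1 config dir, $2 lease file, $3 TSP port, $4 optional ip_forward file.
# Paths are assumed to contain no whitespace.
dstm_ssl_args() {
    da_dir=$1; da_lease=$2; da_port=$3; da_rc=0
    forwarding_enabled "${4:-}" || { echo "IPv4 forwarding is disabled" >&2; da_rc=1; }
    [ -f "$da_lease" ] || { echo "lease file missing: $da_lease" >&2; da_rc=1; }
    is_private_file "$da_dir/cert.pem" ||
        { echo "$da_dir/cert.pem missing or open to group/other" >&2; da_rc=1; }
    [ -r "$da_dir/cacert.pem" ] ||
        { echo "CA file unreadable: $da_dir/cacert.pem" >&2; da_rc=1; }
    # -pass and -cert are optional on the page: add them only if the file exists.
    da_opt=""
    if [ -e "$da_dir/pass" ]; then
        is_private_file "$da_dir/pass" ||
            { echo "$da_dir/pass is open to group/other" >&2; da_rc=1; }
        da_opt="$da_opt -pass $da_dir/pass"
    fi
    if [ -e "$da_dir/accepted.pem" ]; then da_opt="$da_opt -cert $da_dir/accepted.pem"; fi
    [ "$da_rc" -eq 0 ] || return 1
    echo "-tspport $da_port -key $da_dir/cert.pem -ca $da_dir/cacert.pem$da_opt"
}

# Stand-alone use: "preflight.sh run" prints the command line for the page's paths.
if [ "${1:-}" = "run" ]; then
    args=$(dstm_ssl_args /etc/dstmd /var/db/rpcdstmd.lease 6000) || exit 1
    echo "/usr/src/sbin/dstmd/server/rpcdstmd $args"
fi
```

The script only prints the command line; it does not start the server.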

Sometimes required modules such as dti.o do not load when the server is launched. In that case, load them with “insmod dti.o” or “modprobe” after changing to the dstmd/linux/dtmod directory.