
Hello<br><br>I'm performing some tests by using MOBIKE and I obtain an <span id="result_box" class="short_text" lang="en"><span title="Haz clic para obtener otras posibles traducciones" class="hps">unwanted behavior</span></span> as I show in the attached images. <br>


<br>When I initiate a handover procedure I switch off the interface used by means of ifdown/ifconfig down commands. Then, the handover is initiated by sending first an IKEv2 message from the secondary interface to check the connectivity, and then, it is sent the UPD_ADDR notify payload to indicate the other party about that handover. <br>


<br>If I perform the handover when sending UDP traffic (from the roadwarrior) at some rates (13kbps, 45kbps...) it seems that some packets leave the tunnel during the handover process. The images attached show that behaviour. Is this a bug? How can I hold that packets until the handover process will be completed? <br>


<br>Below, you have my ipsec.conf configuration.<br><br><blockquote style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;" class="gmail_quote"># Roadwarrior's /etc/ipsec.conf<br>


<br>config setup<br>        crlcheckinterval=180<br>        strictcrlpolicy=no<br>        plutostart=no<br>        charonstart=yes<br>        charondebug=all<br><br>conn %default<br>        ikelifetime=60m<br>        keylife=20m<br>


        rekeymargin=3m<br>        keyingtries=1<br>        keyexchange=ikev2<br><br>conn mobike<br>        left=100.10.10.10                               #Se ha de empezar desde la eth0<br>        #left=%any<br>        leftid="C=ES, O=IT-UC3M, OU=Users, CN=client gast"<br>


        #leftsourceip=%config<br>        leftcert=/etc/ipsec.d/certs/CLIENT_cert.pem<br>        right=200.20.20.20<br>        rightid="C=ES, O=IT-UC3M, OU=Users, CN=server gast"<br>        auto=add<br><br># SeGW's /etc/ipsec.conf<br>


<br>config setup<br>        crlcheckinterval=180<br>        strictcrlpolicy=no<br>        plutostart=no<br>        charonstart=yes<br>        charondebug=all<br><br>conn %default<br>        ikelifetime=60m<br>        keylife=20m<br>


        rekeymargin=3m<br>        keyingtries=1<br>        keyexchange=ikev2<br><br>conn mobike                     #client (.20) -> server (.10)<br>        left=200.20.20.20       <br>        leftid="C=ES, O=IT-UC3M, OU=Users, CN=server gast"<br>


        leftcert=/etc/ipsec.d/certs/SERVER_cert.pem<br>        #right=100.10.10.10<br>        right=%any<br>        #rightsourceip=10.5.5.5<br>        rightid="C=ES, O=IT-UC3M, OU=Users, CN=client gast"<br>        auto=add<br>


</blockquote><br><br>Best regards, <br><br>Patricia.<br>