[strongSwan-dev] MOBIKE

Andreas Steffen andreas.steffen at strongswan.org
Mon Apr 11 19:11:35 CEST 2011

Hello Patricia,

If you want to keep up a TCP connection over a MOBIKE address
change you must use a constant virtual IP address within the
tunnel. A TCP socket cannot cope with an IP address changes from to Thus on your client define


and let the VPN gateway assign a virtual address e.g.
which stays constant over the change of the outer tunnel IP
from to



On 11.04.2011 18:37, Patricia de Noriega wrote:
> Hi all,
> I'm trying some MOBIKE scenarios over UML (User Mode Linux) and it works
> when I send some ICMP messages. However, I'd like to do some tests with
> other traffic such as streaming or real time voice.
> After establish a MOBIKE session, I've sent UDP traffic by means of
> IPERF and TCP by copiying a directory using the SCP command. Traffic
> goes through the tunnel but when I disable the current interface the
> traffic goes through other available interface but not through the
> tunnel prevously established. I've checked charon.log and it seems that
> MOBIKE works correctly.
> This is the client's charon.log
>     05[IKE] CHILD_SA mobike{1} established with SPIs c30a0368_i
>     cc0eb9e6_o and TS <> ===
> <>
>     05[IKE] received AUTH_LIFETIME of 3398s, scheduling reauthentication
>     in 3218s
>     05[IKE] peer supports MOBIKE
>     10[KNL] interface eth0 deactivated
>     10[KNL] fe80::fcfd:ff:fe00:300 disappeared from eth0
>     01[IKE] requesting address change using MOBIKE
>     01[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) ]
>     01[IKE] checking original path[4500] -
>     01[NET] sending packet: from[4500] to
>     09[NET] received packet: from[4500] to
>     09[ENC] parsed INFORMATIONAL response 2 [ ]
>     09[KNL] received netlink error: No such process (3)
>     09[KNL] error uninstalling route installed with policy
> <> ===
>     <> fwd
>     09[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR)
>     09[NET] sending packet: from[4500] to
>     15[NET] received packet: from[4500] to
>     15[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
>     N(COOKIE2) ]

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Dev mailing list