[strongSwan-dev] MOBIKE
Andreas Steffen
andreas.steffen at strongswan.org
Mon Apr 11 19:11:35 CEST 2011
Hello Patricia,
If you want to keep up a TCP connection over a MOBIKE address
change you must use a constant virtual IP address within the
tunnel. A TCP socket cannot cope with an IP address change from
192.168.100.20 to 192.168.100.21. Thus on your client define
leftsourceip=%config
and let the VPN gateway assign a virtual address e.g. 10.1.0.5
which stays constant over the change of the outer tunnel IP
from 192.168.100.20 to 192.168.100.21.
Regards
Andreas
On 11.04.2011 18:37, Patricia de Noriega wrote:
> Hi all,
>
> I'm trying some MOBIKE scenarios over UML (User Mode Linux) and it works
> when I send some ICMP messages. However, I'd like to do some tests with
> other traffic such as streaming or real time voice.
>
> After establishing a MOBIKE session, I've sent UDP traffic by means of
> IPERF and TCP by copying a directory using the SCP command. Traffic
> goes through the tunnel but when I disable the current interface the
> traffic goes through another available interface but not through the
> tunnel previously established. I've checked charon.log and it seems that
> MOBIKE works correctly.
>
> This is the client's charon.log
>
> 05[IKE] CHILD_SA mobike{1} established with SPIs c30a0368_i
> cc0eb9e6_o and TS 192.168.100.20/32 === 192.168.100.10/32
> 05[IKE] received AUTH_LIFETIME of 3398s, scheduling reauthentication
> in 3218s
> 05[IKE] peer supports MOBIKE
> 10[KNL] interface eth0 deactivated
> 10[KNL] fe80::fcfd:ff:fe00:300 disappeared from eth0
> 01[IKE] requesting address change using MOBIKE
> 01[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) ]
> 01[IKE] checking original path 192.168.100.21[4500] -
> 192.168.100.10[4500]
> 01[NET] sending packet: from 192.168.100.21[4500] to
> 192.168.100.10[4500]
> 09[NET] received packet: from 192.168.100.10[4500] to
> 192.168.100.21[4500]
> 09[ENC] parsed INFORMATIONAL response 2 [ ]
> 09[KNL] received netlink error: No such process (3)
> 09[KNL] error uninstalling route installed with policy
> 192.168.100.10/32 === 192.168.100.20/32 fwd
> 09[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR)
> N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]
> 09[NET] sending packet: from 192.168.100.21[4500] to
> 192.168.100.10[4500]
> 15[NET] received packet: from 192.168.100.10[4500] to
> 192.168.100.21[4500]
> 15[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
> N(COOKIE2) ]
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
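
A log check for the situation this reply addresses, as an added example that is not part of the original message or of strongSwan: it reports a CHILD_SA whose local traffic selector is a single physical host address that no longer matches the source address used once N(UPD_SA_ADDR) is sent. The sample lines are constructed from the log quoted above (unwrapped); the function name, the "installing new virtual IP" line, the reading of the left-hand selector as the local one, and the 10.1.0.5 variant are assumptions.

```python
import ipaddress
import re

TS_RE = re.compile(r"CHILD_SA (\S+) established .*TS (\S+) === \S+")
VIP_RE = re.compile(r"installing new virtual IP (\S+)")
SEND_RE = re.compile(r"sending packet: from ([0-9a-fA-F.:]+)\[\d+\]")

def pinned_child_sas(lines):
    """Return (child_sa, selector_host, new_outer_ip) for each CHILD_SA whose
    local selector is a physical /32 left behind by a MOBIKE address update."""
    virtual_ips, local_ts, findings = set(), {}, []
    update_pending = False
    for line in lines:
        if m := VIP_RE.search(line):
            virtual_ips.add(ipaddress.ip_address(m.group(1)))
        elif m := TS_RE.search(line):
            # Assumption: the selector left of "===" is the local one.
            local_ts[m.group(1)] = ipaddress.ip_network(m.group(2))
        elif "generating" in line and "N(UPD_SA_ADDR)" in line:
            update_pending = True
        elif update_pending and (m := SEND_RE.search(line)):
            # First packet after UPD_SA_ADDR carries the new outer address.
            update_pending = False
            new_outer = ipaddress.ip_address(m.group(1))
            for name, net in local_ts.items():
                host = net.network_address
                if (net.num_addresses == 1 and host not in virtual_ips
                        and host != new_outer):
                    findings.append((name, str(host), str(new_outer)))
    return findings

# Constructed sample: lines taken from the quoted charon.log, unwrapped.
PAGE_LOG = [
    "05[IKE] CHILD_SA mobike{1} established with SPIs c30a0368_i cc0eb9e6_o "
    "and TS 192.168.100.20/32 === 192.168.100.10/32",
    "01[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) ]",
    "01[NET] sending packet: from 192.168.100.21[4500] to 192.168.100.10[4500]",
    "09[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP) "
    "N(NATD_D_IP) N(COOKIE2) ]",
    "09[NET] sending packet: from 192.168.100.21[4500] to 192.168.100.10[4500]",
]
# Constructed variant: same session with a gateway-assigned virtual IP.
VIP_LOG = ["05[IKE] installing new virtual IP 10.1.0.5"] + [
    l.replace("TS 192.168.100.20/32", "TS 10.1.0.5/32") for l in PAGE_LOG
]

if __name__ == "__main__":
    print(pinned_child_sas(PAGE_LOG))
    print(pinned_child_sas(VIP_LOG))
```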