[strongSwan-dev] IPsec & mobility

Andreas Steffen andreas.steffen at strongswan.org
Fri Aug 19 13:01:36 CEST 2011


Hi Gabriel,

with a virtual IP in place the IPsec policy shouldn't change at all,
just the IPsec SA between the endpoint should be updated since the
outer endpoint address changed.

Is this the case in your setup?

Regards

Andreas

On 19.08.2011 10:27, Gabriel Ganne wrote:
> Hi,
> 
> I am testing IKEv2 mobility performance, in tunnel mode, during an FTP
> transfer over TCP, and I have the following problem :
> 
> If I do an ftp command ( ls ), then change interface and shut down the
> one previously used , then re-ls, everything seems to work fine : the
> policies have been updated correctly, and the connection is working
> through the new interface.
> 
> Now, if I begin a big ftp transfer (5Go) and do the same mobility
> operation as before, then the connection is stalled. The policies still
> are changed correctly, and the informational messages are sent. There
> just is no more ftp data sent.
> 
> Any Idea why this is happening ?
> 
> 
> I am using strongswan 4.5.3 on both ends.
> My configuration is similar to the one in ikev2/mobike-virtual-ip in the
> wiki.
> I am using lftp as a ftp client and tnftpd for the server, both in their
> default configuration.
> Client is a fedora 15 lovelock, with linux 2.6.39
> Server is an Ubuntu server 10.04, with linux 2.6.39
> 
> Regards,
> 
> -- 
> Gabriel Ganne

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Dev mailing list