[strongSwan-dev] Fwd: MOBIKE support

Patricia de Noriega pnoriega at it.uc3m.es
Mon Mar 28 11:53:49 CEST 2011


Hi all,

I'm testing MOBIKE between two parties and I've obtained a strange result.

At first, the initiator peer has two available interfaces, eth0 and eth1.
The connection is established successfully from its eth0 interface.

00[DMN] Starting IKEv2 charon daemon (strongSwan 4.4.1)
> 00[KNL] listening on interfaces:
> 00[KNL]   eth0
> 00[KNL]     192.168.100.20
> 00[KNL]     fe80::fcfd:ff:fe00:300
> 00[KNL]   eth1
> 00[KNL]     192.168.100.*21*
> 00[KNL]     fe80::fcfd:ff:fe00:301
>

14[IKE] IKE_SA mobike[1] established between 192.168.100.20[C=ES, O=IT-UC3M,
OU=Users, CN=client gast]...192.168.100.10[C=ES, O=IT-UC3M, OU=Users,
CN=server gast]

If I disable the eth0 interface, strongSwan first updates the available IP
pool by sending an INFORMATIONAL [ N(ADD_4_ADDR) ] from the eth1
interface (the only interface available) and then sends the address update
(INFORMATIONAL [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]).

03[KNL] interface eth0 deactivated
> 03[KNL] fe80::fcfd:ff:fe00:300 disappeared from eth0
> 10[IKE] requesting address change using MOBIKE
> 10[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) ]
> 10[IKE] checking original path 192.168.100.*21*[4500] -
> 192.168.100.10[4500]
> 10[NET] sending packet: from 192.168.100.*21*[4500] to
> 192.168.100.10[4500]
> 11[NET] received packet: from 192.168.100.10[4500] to 192.168.100.*21*
> [4500]
> 11[ENC] parsed INFORMATIONAL response 2 [ ]
> 11[KNL] received netlink error: No such process (3)
> 11[KNL] error uninstalling route installed with policy 192.168.100.10/32===
> 192.168.100.20/32 fwd
> 11[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP)
> N(NATD_D_IP) N(COOKIE2) ]
> 11[NET] sending packet: from 192.168.100.*21*[4500] to
> 192.168.100.10[4500]
> 12[NET] received packet: from 192.168.100.10[4500] to 192.168.100.*21*
> [4500]
> 12[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
> N(COOKIE2) ]
>

Is this behaviour normal? Why doesn't it send the N(UPD_SA_ADDR) first of
all? Can the responder peer accept packets from other IPs without receiving
the N(UPD_SA_ADDR)?

Finally, when the initiator peer has only one interface available and it
sends the INFORMATIONAL [ N(ADD_4_ADDR) ] to update the list, why doesn't
it send an INFORMATIONAL [ N(NO_ADD_ADDR) ]? At this point it has only one IP
available and it is using it to communicate with the responder.

Thanks in advance :)
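
A small log reader for the sequence described in the message above, added here as an example (it is not part of the original post and is not strongSwan code). It pairs each generated INFORMATIONAL request with the source address it was sent from and lists the requests that left from a new address without N(UPD_SA_ADDR). The sample log is constructed from the lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the charon 4.4.1 lines quoted in the post
# (mail line wraps and the "*21*" emphasis removed, DNs shortened).
SAMPLE_LOG = """\
14[IKE] IKE_SA mobike[1] established between 192.168.100.20[C=ES, CN=client gast]...192.168.100.10[C=ES, CN=server gast]
03[KNL] interface eth0 deactivated
10[IKE] requesting address change using MOBIKE
10[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) ]
10[NET] sending packet: from 192.168.100.21[4500] to 192.168.100.10[4500]
11[ENC] parsed INFORMATIONAL response 2 [ ]
11[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]
11[NET] sending packet: from 192.168.100.21[4500] to 192.168.100.10[4500]
12[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]
"""

ESTABLISHED = re.compile(r"\[IKE\] IKE_SA \S+ established between ([0-9a-fA-F.:]+)\[")
GENERATING = re.compile(r"\[ENC\] generating INFORMATIONAL request (\d+) \[(.*)\]")
SENDING = re.compile(r"\[NET\] sending packet: from ([0-9a-fA-F.:]+)\[\d+\] to")
NOTIFY = re.compile(r"N\(([A-Z0-9_]+)\)")


def mobike_timeline(log):
    """Return (established_addr, requests); each request is a dict with
    id, notifies, src, off_path and updates_sa."""
    established, pending, requests = None, None, []
    for line in log.splitlines():
        if (m := ESTABLISHED.search(line)):
            established = m.group(1)
        elif (m := GENERATING.search(line)):
            pending = {"id": int(m.group(1)), "notifies": NOTIFY.findall(m.group(2))}
        elif (m := SENDING.search(line)) and pending is not None:
            pending["src"] = m.group(1)
            # Sent from an address other than the one the IKE_SA was set up on.
            pending["off_path"] = established is not None and m.group(1) != established
            pending["updates_sa"] = "UPD_SA_ADDR" in pending["notifies"]
            requests.append(pending)
            pending = None  # later "sending packet" lines are retransmits
    return established, requests


def requests_before_update(log):
    """IDs of requests sent from a new source address without N(UPD_SA_ADDR)."""
    _, reqs = mobike_timeline(log)
    return [r["id"] for r in reqs if r["off_path"] and not r["updates_sa"]]


if __name__ == "__main__":
    print(requests_before_update(SAMPLE_LOG))
```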