[strongSwan] IPSec on mobile connection with dynamic ip.

Martin Willi martin at strongswan.org
Wed Jul 21 18:26:20 CEST 2010


> after ipsec update tunnel was established but did not work (old polices ?)

Probably yes.

> 22:43:38 01[IKE] no route found to reach 217.29.8.1, MOBIKE update deferred
> 22:44:05 14[IKE] sending DPD request

This is a little unlucky: before MOBIKE finds a route, a DPD check is
enforced and tries hard to find the peer over the old address.

We currently do not suspend DPD checks, and this shortcoming prevents
the MOBIKE update to start. Maybe I find a way to delay DPD and rekeying
tasks, but it's not trivial to implement.

I'd try to increase the DPD timeout, or disable it completely.

Regards
Martin





More information about the Users mailing list