[strongSwan] MOBIKE

Patricia de Noriega pnoriega at it.uc3m.es
Tue Jul 26 18:19:43 CEST 2011


Hello

I'm performing some tests using MOBIKE and I obtain unwanted
behavior, as I show in the attached images.

When I initiate a handover procedure, I switch off the interface in use by
means of the ifdown/ifconfig down commands. The handover is then initiated by
first sending an IKEv2 message from the secondary interface to check
connectivity, and then the UPD_ADDR notify payload is sent to inform
the other party of that handover.

If I perform the handover while sending UDP traffic (from the roadwarrior) at
some rates (13kbps, 45kbps...), it seems that some packets leave the tunnel
during the handover process. The attached images show that behaviour. Is
this a bug? How can I hold those packets until the handover process is
completed?

Below, you have my ipsec.conf configuration.

# Roadwarrior's /etc/ipsec.conf
>
> config setup
>         crlcheckinterval=180
>         strictcrlpolicy=no
>         plutostart=no
>         charonstart=yes
>         charondebug=all
>
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ikev2
>
> conn mobike
>         left=100.10.10.10                               # Must start from eth0
>         #left=%any
>         leftid="C=ES, O=IT-UC3M, OU=Users, CN=client gast"
>         #leftsourceip=%config
>         leftcert=/etc/ipsec.d/certs/CLIENT_cert.pem
>         right=200.20.20.20
>         rightid="C=ES, O=IT-UC3M, OU=Users, CN=server gast"
>         auto=add
>
> # SeGW's /etc/ipsec.conf
>
> config setup
>         crlcheckinterval=180
>         strictcrlpolicy=no
>         plutostart=no
>         charonstart=yes
>         charondebug=all
>
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ikev2
>
> conn mobike                     #client (.20) -> server (.10)
>         left=200.20.20.20
>         leftid="C=ES, O=IT-UC3M, OU=Users, CN=server gast"
>         leftcert=/etc/ipsec.d/certs/SERVER_cert.pem
>         #right=100.10.10.10
>         right=%any
>         #rightsourceip=10.5.5.5
>         rightid="C=ES, O=IT-UC3M, OU=Users, CN=client gast"
>         auto=add
>


Best regards,

Patricia.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Imagen 1.png
Type: image/png
Size: 128744 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110726/d8675488/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Imagen 2.png
Type: image/png
Size: 120789 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110726/d8675488/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Imagen 3.png
Type: image/png
Size: 109858 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110726/d8675488/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Imagen 4.png
Type: image/png
Size: 101379 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110726/d8675488/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Imagen 5.png
Type: image/png
Size: 84678 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110726/d8675488/attachment-0004.png>
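
To measure the behaviour described in the message above, this added example (not part of the original post and not strongSwan code) classifies captured packets between the roadwarrior and the gateway as ESP, IKE or cleartext and reports the time window in which cleartext left the tunnel. The capture lines are constructed in a tcpdump-like form, and 100.10.10.11 is an assumed address for the secondary interface.

```python
import re

# Constructed, tcpdump-like capture lines (not from the post). 100.10.10.10 and
# 200.20.20.20 come from the posted ipsec.conf; 100.10.10.11 is an assumed
# address for the secondary interface.
CAPTURE = """\
10.00 IP 100.10.10.10 > 200.20.20.20: ESP(spi=0xc0ffee01,seq=0x10), length 132
10.05 IP 100.10.10.10 > 200.20.20.20: ESP(spi=0xc0ffee01,seq=0x11), length 132
10.20 IP 100.10.10.11.4500 > 200.20.20.20.4500: NONESP-encap: isakmp: child_sa inf2[I]
10.22 IP 100.10.10.11.40000 > 200.20.20.20.5001: UDP, length 100
10.27 IP 100.10.10.11.40000 > 200.20.20.20.5001: UDP, length 100
10.30 IP 200.20.20.20.4500 > 100.10.10.11.4500: NONESP-encap: isakmp: child_sa inf2[R]
10.35 IP 100.10.10.11 > 200.20.20.20: ESP(spi=0xc0ffee01,seq=0x12), length 132
"""

LINE = re.compile(r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
IKE_PORTS = {"500", "4500"}

def split_host_port(field):
    """'a.b.c.d.port' -> ('a.b.c.d', 'port'); 'a.b.c.d' -> ('a.b.c.d', None)."""
    parts = field.split(".")
    return (".".join(parts[:4]), parts[4]) if len(parts) == 5 else (field, None)

def classify(line):
    """Return (ts, src_ip, dst_ip, kind) with kind in esp/ike/clear, or None."""
    m = LINE.match(line)
    if not m:
        return None
    (src, sport), (dst, dport) = split_host_port(m["src"]), split_host_port(m["dst"])
    if "ESP(" in m["rest"]:
        kind = "esp"            # native or UDP-encapsulated ESP
    elif sport in IKE_PORTS or dport in IKE_PORTS:
        kind = "ike"            # IKEv2 control traffic, including MOBIKE messages
    else:
        kind = "clear"          # everything else travelled outside the tunnel
    return float(m["ts"]), src, dst, kind

def find_leaks(capture, client_addrs, gateway):
    """Cleartext packets sent from any client address to the gateway."""
    rows = filter(None, map(classify, capture.splitlines()))
    return [r for r in rows if r[3] == "clear" and r[1] in client_addrs and r[2] == gateway]

def leak_window(leaks):
    """(first, last) timestamp of leaked packets, or None when nothing leaked."""
    return (leaks[0][0], leaks[-1][0]) if leaks else None

if __name__ == "__main__":
    leaks = find_leaks(CAPTURE, {"100.10.10.10", "100.10.10.11"}, "200.20.20.20")
    print(len(leaks), "cleartext packets, window:", leak_window(leaks))
```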

