tobias at strongswan.org
Fri Jul 29 15:58:50 CEST 2011
> I've tested strongswan-4.5.3rc2 and I still get the same behaviour.
> I'm testing MOBIKE by sending CBR traffic from the initiator at a
> rate of 45Kbps.
> When I deactivate eth0 I obtain the behavior that you can see on one.png.
> Then, I activate eth0 again and deactivate eth1 and I obtain the
> behaviour showed in two.png (nothing strange).
Ah, the problem here is not exactly what I described previously and not
quite what the patch fixes. The problem in this situation is that the
original IPsec SA covers packets between 220.127.116.11 and
18.104.22.168. Now, when 22.214.171.124 goes down, there is simply no
IPsec SA yet which covers eth1's 126.96.36.199. MOBIKE has first to
determine this as a valid path and then update the SA appropriately.
The submitted patch basically fixes this last update step. So how do
you fix it? Well, you have to make sure that 'left' (the IP address
that might change) is not part of the local traffic selector. To do so
I'd recommend you assign your client a virtual IP address.
More information about the Users