Patricia de Noriega
pnoriega at it.uc3m.es
Fri Jul 29 16:03:11 CEST 2011
On 29 July 2011 15:58, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Patricia,
> > I've tested strongswan-4.5.3rc2 and I still get the same behaviour.
> > I'm testing MOBIKE by sending CBR traffic from the initiator at a
> > rate of 45Kbps.
>> When I deactivate eth0 I obtain the behavior that you can see on one.png.
>> Then, I activate eth0 again and deactivate eth1 and I obtain the
>> behaviour showed in two.png (nothing strange).
> Ah, the problem here is not exactly what I described previously and not
> quite what the patch fixes. The problem in this situation is that the
> original IPsec SA covers packets between 126.96.36.199 and 188.8.131.52.
> Now, when 184.108.40.206 goes down, there is simply no IPsec SA yet which
> covers eth1's 220.127.116.11. MOBIKE has first to determine this as a valid
> path and then update the SA appropriately. The submitted patch basically
> fixes this last update step. So how do you fix it? Well, you have to make
> sure that 'left' (the IP address that might change) is not part of the local
> traffic selector. To do so I'd recommend you assign your client a virtual
> IP address.
I've test also with virtual IP's and I obtain the same behaviour :(
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users