[strongSwan] MOBIKE

Patricia de Noriega pnoriega at it.uc3m.es
Fri Jul 29 16:03:11 CEST 2011

hi Tobias,

On 29 July 2011 15:58, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Patricia,
> > I've tested strongswan-4.5.3rc2 and I still get the same behaviour.
> > I'm testing MOBIKE by sending CBR traffic from the initiator at a
> > rate of 45Kbps.
> >
>> When I deactivate eth0 I obtain the behavior that you can see on one.png.
>> Then, I activate eth0 again and deactivate eth1 and I obtain the
>> behaviour showed in two.png (nothing strange).
> Ah, the problem here is not exactly what I described previously and not
> quite what the patch fixes.  The problem in this situation is that the
> original IPsec SA covers packets between and
>  Now, when goes down, there is simply no IPsec SA yet which
> covers eth1's  MOBIKE has first to determine this as a valid
> path and then update the SA appropriately. The submitted patch basically
> fixes this last update step.  So how do you fix it?  Well, you have to make
> sure that 'left' (the IP address that might change) is not part of the local
> traffic selector.  To do so I'd recommend you assign your client a virtual
> IP address.

I've test also with virtual IP's and I obtain the same behaviour :(

> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110729/08e6f3f3/attachment.html>

More information about the Users mailing list