[strongSwan] MOBIKE switching bug in gateway with two external interfaces
Tobias Brunner
tobias at strongswan.org
Fri Mar 9 10:38:33 CET 2012
Hi Simon,
> Seems MOBIKE message processing needs to store the message's source IP
> addr along with the other ADDITIONAL_IPV4_ADDRESS. Use ike_sa to
> "remember" this address separately is not safe. It requires
> code to add it in the additional_addresses list before it is overwritten
> by N(UPDATE_SA_ADDRESSES).
You are right, we should store the peer's current address in this list.
I pushed some commits to our repository to fix this (see [1]-[4]).
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2fe624cc
[2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=94bbc602
[3] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=72b28112
[4] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=cd6b5bf8
More information about the Users
mailing list