[strongSwan] client network change drops VPN
tobias at strongswan.org
Mon Jul 8 11:48:36 CEST 2013
> However, once the VPN is established, if the client changes from one
> network to the other, the VPN connection does not survive. Below is the
> server log which shows a couple of "issues"
> 1 -- "UDP_ENCAP: Invalid argument" I'm not sure if that is relevant
This happens when charon tries to enable UDP decapsulation for IPv6.
> 2 -- "[KNL] unable to update SAD entry with SPI c48960bf: address changes
> are not supported" This sounds like an issue but it seems like with MOBIKE
> supported, address changes should be allowed. The Android client's log
> contains the statement:
> "[IKE] requesting address change using MOBIKE"
As discussed on the FreeBSD forum, resolving this issue properly
would require patching the FreeBSD kernel.
But the gateway should actually try to rekey the CHILD_SA to work around
the above limitation.