[strongSwan] [strongSwan-dev] Support for Routing rule modification via IKE informational requests after IKE tunnel is setup with gateway

Ravi Kanth Vanapalli vvnrk.vanapalli at gmail.com
Thu Jun 2 14:03:58 CEST 2016

Dear Andreas,

I am looking at the 3GPP spec TS 23.161 Release 13 for enabling NB-IFOM.
For instance Please refer to section " Routing Rules signalled via
Untrusted WLAN access"  of the spec.

Routing rules here mean "the range of traffic selectors allowed by the UE".
UE/Network can include multiple range of traffic selectors to the
Network/UE after the IKE tunnel is setup.
This information need to be carried via IKEv2 Informational request.

Section 1.2 of RFC 7296 specifys that Control messages can be exchanged
between peers. The routing rules are kindof control messages. RFC did not
specify about routing rules explicitly, but the strongswan can be enhanced
to support adding routing rules via IKEv2 INformational exchange.

I looked into source code, but currently looks like there is no such


On Thu, Jun 2, 2016 at 3:02 AM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Ravi,
> could you guide my to an RFC or Internet draft describing this dynamic
> update of traffic selectors? Or are you referring to the IKEv2 Mobility
> and Multihoming Protocol (RFC 4555 MOBIKE) which strongSwan has enabled
> by default:
>   https://www.strongswan.org/testing/testresults/ikev2/mobike/
> Regards
> Andreas
> On 01.06.2016 17:02, Ravi Kanth Vanapalli wrote:
>> Hi,
>>     I wanted to know if Strongswan supports routing rule modification
>> through means of IKE Informational requests after the IKE tunnel has
>> been setup.
>> eg scenario is
>> i) UE completed IKE_SA_INIT exchange with gateway.
>> ii) UE completed IKE_AUTH exchange with gateway.
>>   iii) IKE tunnel is setup with some traffic selector range TSi and TSr
>> iv) UE wants to modify the TSi and TSr.
>> v) UE sends IKE Informational exchange with updated TSi and TSr to
>> gateway..
>> Does Strongswan support sending the line (v) listed above ?
>> In other words is routing rule modification via IKE informational
>> exchange supported in Strongswan  ?
>> --
>> Regards,
>> RaviKanth
>> _______________________________________________
>> Dev mailing list
>> Dev at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/dev
> --
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160602/35c7da7a/attachment.html>

More information about the Users mailing list