[strongSwan] triggering MOBIKE in strongswan

Andreas Steffen andreas.steffen at strongswan.org
Wed Nov 16 22:42:46 CET 2016


Hi Ravi,

yes, your understanding is correct. Our MOBIKE example scenario

https://www.strongswan.org/testing/testresults/ikev2/mobike/index.html

shows the interface change:

13[IKE] peer supports MOBIKE
07[KNL] 192.168.0.50 disappeared from eth1
15[KNL] interface eth1 deactivated
16[KNL] fec0::5 disappeared from eth1
07[KNL] fe80::5054:ff:fe3b:cd7 disappeared from eth1
12[IKE] old path is not available anymore, try to find another
12[IKE] looking for a route to 192.168.0.2 ...
12[IKE] requesting address change using MOBIKE
12[ENC] generating INFORMATIONAL request 2 [ ]
12[IKE] checking path 10.1.0.10[4500] - 192.168.0.2[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (80 bytes)
12[IKE] checking path 10.1.0.10[4500] - 10.2.0.1[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 10.2.0.1[4500] (80 bytes)
15[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (80
bytes)
15[ENC] parsed INFORMATIONAL response 2 [ ]
15[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP)
N(NATD_D_IP) N(COOKIE2) N(ADD_6_ADDR) ]
15[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (192
bytes)
13[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (160
bytes)
13[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
N(COOKIE2) ]

Regards

Andreas

On 16.11.2016 15:54, Ravi Kanth Vanapalli wrote:
> Hi,
> 
>    I wanted to know how is MOBIKE triggered in Strongswan.
>    I have setup an IKEv2 connection to the gateway with MOBIKE enabled.
> I confirmed it from the logs.
>    My understanding of MOBIKE is, if the default route to the gateway is
> changed i.e lets say from IP1 to IP2.  IP1 is on interface 1 , IP2 is on
> interface 2, UE triggers MOBIKE based IKE SA update to update the source
> IP. strongswan doesn't bind to any specific interface for sending the
> packets out to the ipsec gateway.
> Could you please confirm if this understanding is correct.
> 
> 
> -- 
> Regards,
> 
> RaviKanth VN Vanapalli
> Email: vvnrk.vanapalli at gmail.com <mailto:vvnrk.vanapalli at gmail.com>
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161116/1138b7ce/attachment.bin>


More information about the Users mailing list