[strongSwan] Strongswan MOBIKE support
Amit Katyal
itsamitkatyal at gmail.com
Wed Sep 28 13:00:06 CEST 2016
Hi All,
I'm testing MOBIKE feature with CISCO GW and strongswan client. Please find
below the test set-up details.
Strongswan------------------>CISCO GW
85.1.96.133 85.1.96.205
85.1.96.159
I've configured two interfaces on the client side in the 85 VLAN and
testing the MOBIKE feature by bringing down the interface over which tunnel
has been established.
Testing Steps
=============
1. Bring up IKEV2 tunnel between Strongswan and CISCO GW (85.1.96.133 -
85.1.96.205)
2. Confirmed from logs that client is sending MOBIKE_SUPPORTED notification
in the IKE_AUTH message and also receiving the MOBIKE_SUPPORTED capability
in the IKE_AUTH response.
3. Bring down the interface having 85.1.96.133 ip address.
4. Confirmed from the logs, client receives notification from the lower
layer about interface getting down. Client looks for new path and
identifies the new path 85.1.96.159 to reach the GW.
Query:-
=====
Here I expect client to send UPDATE_SA_ADDRESS notification for new IP
address 85.1.96.159 before actually start using this new IP address.
However, client start sending DPD messages using new IP
to which CISCO GW is not responding (As GW is not aware of new IP address)
and after maximum number of retries client is bringing down the current
tunnel and initiating the new tunnel.
Please help me in validating UDPATE_SA_ADDRESS request message.
Regards,
Amit Katyal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160928/e5bdade9/attachment.html>
More information about the Users
mailing list