Discussion:
[strongSwan-dev] triggering MOBIKE in strongswan
Ravi Kanth Vanapalli
2016-11-16 14:54:08 UTC
Permalink
Hi,

I wanted to know how is MOBIKE triggered in Strongswan.
I have setup an IKEv2 connection to the gateway with MOBIKE enabled. I
confirmed it from the logs.
My understanding of MOBIKE is, if the default route to the gateway is
changed i.e lets say from IP1 to IP2. IP1 is on interface 1 , IP2 is on
interface 2, UE triggers MOBIKE based IKE SA update to update the source
IP. strongswan doesn't bind to any specific interface for sending the
packets out to the ipsec gateway.
Could you please confirm if this understanding is correct.
--
Regards,

RaviKanth VN Vanapalli
Email: ***@gmail.com
Andreas Steffen
2016-11-16 21:42:46 UTC
Permalink
Hi Ravi,

yes, your understanding is correct. Our MOBIKE example scenario

https://www.strongswan.org/testing/testresults/ikev2/mobike/index.html

shows the interface change:

13[IKE] peer supports MOBIKE
07[KNL] 192.168.0.50 disappeared from eth1
15[KNL] interface eth1 deactivated
16[KNL] fec0::5 disappeared from eth1
07[KNL] fe80::5054:ff:fe3b:cd7 disappeared from eth1
12[IKE] old path is not available anymore, try to find another
12[IKE] looking for a route to 192.168.0.2 ...
12[IKE] requesting address change using MOBIKE
12[ENC] generating INFORMATIONAL request 2 [ ]
12[IKE] checking path 10.1.0.10[4500] - 192.168.0.2[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (80 bytes)
12[IKE] checking path 10.1.0.10[4500] - 10.2.0.1[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 10.2.0.1[4500] (80 bytes)
15[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (80
bytes)
15[ENC] parsed INFORMATIONAL response 2 [ ]
15[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP)
N(NATD_D_IP) N(COOKIE2) N(ADD_6_ADDR) ]
15[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (192
bytes)
13[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (160
bytes)
13[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
N(COOKIE2) ]

Regards

Andreas
Post by Ravi Kanth Vanapalli
Hi,
I wanted to know how is MOBIKE triggered in Strongswan.
I have setup an IKEv2 connection to the gateway with MOBIKE enabled.
I confirmed it from the logs.
My understanding of MOBIKE is, if the default route to the gateway is
changed i.e lets say from IP1 to IP2. IP1 is on interface 1 , IP2 is on
interface 2, UE triggers MOBIKE based IKE SA update to update the source
IP. strongswan doesn't bind to any specific interface for sending the
packets out to the ipsec gateway.
Could you please confirm if this understanding is correct.
--
Regards,
RaviKanth VN Vanapalli
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen ***@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
Ravi Kanth Vanapalli
2016-11-22 16:06:43 UTC
Permalink
Thank you Andreas for the clarification.

One additional query. There is a flag named roam_events in
kernel_netlink_net.c

My understanding of this flag is when the UE IP address changes, if this
flag is set to true, then UE triggers MOBIKE, else UE doesn't trigger
MOBIKE even though UE's source IP address changes.

Kindly confirm if my understanding of this flag is true.


On Wed, Nov 16, 2016 at 4:42 PM, Andreas Steffen <
Post by Andreas Steffen
Hi Ravi,
yes, your understanding is correct. Our MOBIKE example scenario
https://www.strongswan.org/testing/testresults/ikev2/mobike/index.html
13[IKE] peer supports MOBIKE
07[KNL] 192.168.0.50 disappeared from eth1
15[KNL] interface eth1 deactivated
16[KNL] fec0::5 disappeared from eth1
07[KNL] fe80::5054:ff:fe3b:cd7 disappeared from eth1
12[IKE] old path is not available anymore, try to find another
12[IKE] looking for a route to 192.168.0.2 ...
12[IKE] requesting address change using MOBIKE
12[ENC] generating INFORMATIONAL request 2 [ ]
12[IKE] checking path 10.1.0.10[4500] - 192.168.0.2[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (80 bytes)
12[IKE] checking path 10.1.0.10[4500] - 10.2.0.1[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 10.2.0.1[4500] (80 bytes)
15[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (80
bytes)
15[ENC] parsed INFORMATIONAL response 2 [ ]
15[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP)
N(NATD_D_IP) N(COOKIE2) N(ADD_6_ADDR) ]
15[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (192
bytes)
13[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (160
bytes)
13[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
N(COOKIE2) ]
Regards
Andreas
Post by Ravi Kanth Vanapalli
Hi,
I wanted to know how is MOBIKE triggered in Strongswan.
I have setup an IKEv2 connection to the gateway with MOBIKE enabled.
I confirmed it from the logs.
My understanding of MOBIKE is, if the default route to the gateway is
changed i.e lets say from IP1 to IP2. IP1 is on interface 1 , IP2 is on
interface 2, UE triggers MOBIKE based IKE SA update to update the source
IP. strongswan doesn't bind to any specific interface for sending the
packets out to the ipsec gateway.
Could you please confirm if this understanding is correct.
--
Regards,
RaviKanth VN Vanapalli
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
--
======================================================================
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
--
Regards,
RaviKanth VN Vanapalli
Email: ***@gmail.com
Loading...