Hi all, I'm testing MOBIKE between two parties and I've obtained a strange result.

At first, the initiator peer has two available interfaces, eth0 and eth1. The connection is established successfully from its eth0 interface.

> 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.4.1)
> 00[KNL] listening on interfaces:
> 00[KNL] eth0
> 00[KNL] 192.168.100.20
> 00[KNL] fe80::fcfd:ff:fe00:300
> 00[KNL] eth1
> 00[KNL] 192.168.100.*21*
> 00[KNL] fe80::fcfd:ff:fe00:301
> 14[IKE] IKE_SA mobike[1] established between 192.168.100.20[C=ES, O=IT-UC3M, OU=Users, CN=client gast]...192.168.100.10[C=ES, O=IT-UC3M, OU=Users, CN=server gast]

If I disable the eth0 interface, strongSwan first updates the pool of available IPs, sending an INFORMATIONAL[ N(ADD_4_ADDR) ] from the eth1 interface (the only interface available), and then sends the address update (INFORMATIONAL [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]).

> 03[KNL] interface eth0 deactivated
> 03[KNL] fe80::fcfd:ff:fe00:300 disappeared from eth0
> 10[IKE] requesting address change using MOBIKE
> 10[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) ]
> 10[IKE] checking original path 192.168.100.*21*[4500] - 192.168.100.10[4500]
> 10[NET] sending packet: from 192.168.100.*21*[4500] to 192.168.100.10[4500]
> 11[NET] received packet: from 192.168.100.10[4500] to 192.168.100.*21*[4500]
> 11[ENC] parsed INFORMATIONAL response 2 [ ]
> 11[KNL] received netlink error: No such process (3)
> 11[KNL] error uninstalling route installed with policy 192.168.100.10/32=== 192.168.100.20/32 fwd
> 11[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]
> 11[NET] sending packet: from 192.168.100.*21*[4500] to 192.168.100.10[4500]
> 12[NET] received packet: from 192.168.100.10[4500] to 192.168.100.*21*[4500]
> 12[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]

Is this behaviour normal? Why doesn't it send the N(UPD_SA_ADDR) first of all?

Can the responder peer accept packets from other IPs without receiving the N(UPD_SA_ADDR)?

Finally, when the initiator peer has only one interface available and it sends the INFORMATIONAL[ N(ADD_4_ADDR) ] to update the list, why doesn't it send an INFORMATIONAL[ N(NO_ADD_ADDR) ]? At this point it has only one IP available and it is using it to communicate with the responder.

Thanks in advance :)
