MOBIKE » History » Version 2

Martin Willi, 30.08.2007 23:54
Warning about the use of UDP port 4500 by MOBIKE

= MOBIKE =

The MOBIKE IKEv2 extension allows an initiator to change its network attachment point (e.g. roam to another interface/address).

strongSwan implements MOBIKE by watching interfaces, addresses and routes. If the configuration changes, route lookups are done to find a better path than the current one, and the path is then changed using a MOBIKE update (''UPDATE_SA_ADDRESSES'').

strongSwan runs the MOBIKE protocol by default as soon as you specify ''keyexchange=ikev2''. MOBIKE can be disabled on a per-connection basis, though, by adding the parameter ''mobike=no'' to the corresponding connection definition in ''ipsec.conf''. Please be aware that with MOBIKE enabled, strongSwan will switch to UDP port 4500 starting with the IKE_AUTH request, which includes a ''MOBIKE_SUPPORTED'' notification, even if no NAT has been detected. Thus make sure to open the NAT-traversal port UDP/4500 on any firewalls en route.

strongSwan's MOBIKE implementation is currently incomplete. The routability check and path probing are still missing.
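
To find which connections are affected by the UDP/4500 warning above, the following added example (not part of strongSwan or of the original page) lists the ''ipsec.conf'' connections for which MOBIKE is active according to the rule stated here. The sample configuration and host names are constructed, and the parser is an assumption-level sketch that honours ''conn %default'' but does not follow ''also='' references.

```python
# Added example: audit ipsec.conf text for connections that will use MOBIKE.
# Rule from the page: keyexchange=ikev2 enables MOBIKE unless mobike=no is set.

SAMPLE_CONF = """\
# constructed sample, not a real deployment
conn %default
    keyexchange=ikev2

conn roadwarrior
    right=gw.example.org

conn site-to-site
    right=peer.example.org
    mobike=no

conn legacy
    keyexchange=ikev1
    right=old.example.org
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()    # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def mobike_conns(text):
    """Names of connections that need UDP/4500 because MOBIKE is active."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    active = []
    for name, opts in conns.items():
        eff = {**defaults, **opts}              # conn settings override %default
        if eff.get("keyexchange") == "ikev2" and eff.get("mobike", "yes") != "no":
            active.append(name)
    return sorted(active)

if __name__ == "__main__":
    for name in mobike_conns(SAMPLE_CONF):
        print(f"{name}: MOBIKE active, allow UDP/4500 on firewalls en route")
```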