Project

General

Profile

MOBIKE » History » Version 4

« Previous - Version 4/5 (diff) - Next » - Current version
Martin Willi, 01.04.2008 11:13


MOBIKE

The MOBIKE IKEv2 extension allows an initiator to change its network attachement point (e.g. roam to an other interface/address).

strongSwan implements MOBIKE by watching interfaces, addresses and routes. If the configuration changes, route lookups are done to find a better path than the current one and changes this path using a MOBIKE update (UPDATE_SA_ADDRESS).

strongSwan is running the MOBIKE protocol per default as soon as you specify keyexchange=ikev2. MOBIKE can be disabled on a per-connection basis, though, by adding the parameter mobike=no to the corresponding connection definition in ipsec.conf. Please be aware that with MOBIKE enabled, strongSwan will switch to UDP port 4500 starting with the IKE_AUTH request which includes a MOBIKE_SUPPORTED notification even if no NAT has been detected. Thus make sure to open the NAT-traversal port UDP/4500 on any firewalls en route.

strongSwan's MOBIKE implementation is currently usable, but needs further testing to work more reliable.