Tobias Brunner, 04.05.2011 14:37
The MOBIKE IKEv2 extension ("RFC 4555":http://tools.ietf.org/html/rfc4555) allows an initiator to change its network attachment point (e.g. roam to another interface/address).
strongSwan implements MOBIKE by watching interfaces, addresses and routes. If the configuration changes, route lookups are done to find a better path than the current one and, if necessary, the path is changed using a MOBIKE update (_UPDATE_SA_ADDRESS_).
strongSwan runs the MOBIKE protocol by default. MOBIKE can be disabled on a per-connection basis, though, by adding the parameter _mobike=no_ to the corresponding connection definition in [[IpsecConf|ipsec.conf]]. Please be aware that with MOBIKE enabled, strongSwan will switch to UDP port 4500 starting with the IKE_AUTH request, which includes a _MOBIKE_SUPPORTED_ notification, even if no NAT has been detected. Thus, make sure to open the NAT-traversal port UDP/4500 on any firewalls en route.
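To review which connections rely on UDP/4500 being open even when no NAT is present, the effective _mobike_ setting of each connection can be computed from ipsec.conf. The script below is an added example, not part of strongSwan or of the original page; the sample configuration, connection names and function names are constructed for illustration. It assumes a configuration without _also=_ or _include_ directives and treats a missing _mobike_ key as enabled, as described above.

```python
import re

# Constructed sample ipsec.conf for illustration (not from the page).
SAMPLE_CONF = """\
config setup

conn %default
    keyexchange=ikev2

conn roadwarrior
    right=vpn.example.org
    auto=add

conn site-to-site
    right=192.0.2.10
    mobike=no    # static endpoints, no roaming needed
"""

def effective_mobike(conf_text):
    """Return {conn_name: bool}: the effective MOBIKE setting of each conn."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line: section header
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = sections.setdefault(parts[1], {}) if is_conn else None
        elif current is not None:                 # indented key=value inside a conn
            m = re.match(r"\s+([\w-]+)\s*=\s*(.*)", line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    defaults = sections.pop("%default", {})       # conn %default applies to all conns
    return {
        name: opts.get("mobike", defaults.get("mobike", "yes")).lower() != "no"
        for name, opts in sections.items()        # no mobike key means enabled
    }

def needs_udp_4500(conf_text):
    """Conns that move to UDP/4500 at IKE_AUTH even if no NAT is detected."""
    return sorted(n for n, on in effective_mobike(conf_text).items() if on)

if __name__ == "__main__":
    for name, on in effective_mobike(SAMPLE_CONF).items():
        print(f"{name}: mobike={'yes' if on else 'no'}")
    print("UDP/4500 must be open for:", ", ".join(needs_udp_4500(SAMPLE_CONF)))
```

Connections reported with _mobike=no_ can still end up on UDP/4500 when a NAT is detected, so the result only identifies the connections that need the port unconditionally.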