[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-announce
Subject:    Re: [strongSwan-dev] IPsec & mobility
From:       Andreas Steffen <andreas.steffen () strongswan ! org>
Date:       2011-08-19 11:01:36
Message-ID: 4E4E4290.9050707 () strongswan ! org
[Download RAW message or body]

Hi Gabriel,

with a virtual IP in place the IPsec policy shouldn't change at all,
just the IPsec SA between the endpoint should be updated since the
outer endpoint address changed.

Is this the case in your setup?

Regards

Andreas

On 19.08.2011 10:27, Gabriel Ganne wrote:
> Hi,
> 
> I am testing IKEv2 mobility performance, in tunnel mode, during an FTP
> transfer over TCP, and I have the following problem :
> 
> If I do an ftp command ( ls ), then change interface and shut down the
> one previously used , then re-ls, everything seems to work fine : the
> policies have been updated correctly, and the connection is working
> through the new interface.
> 
> Now, if I begin a big ftp transfer (5Go) and do the same mobility
> operation as before, then the connection is stalled. The policies still
> are changed correctly, and the informational messages are sent. There
> just is no more ftp data sent.
> 
> Any Idea why this is happening ?
> 
> 
> I am using strongswan 4.5.3 on both ends.
> My configuration is similar to the one in ikev2/mobike-virtual-ip in the
> wiki.
> I am using lftp as a ftp client and tnftpd for the server, both in their
> default configuration.
> Client is a fedora 15 lovelock, with linux 2.6.39
> Server is an Ubuntu server 10.04, with linux 2.6.39
> 
> Regards,
> 
> -- 
> Gabriel Ganne

======================================================================
Andreas Steffen                         andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic