Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1471763 - RFE: libreswan MOBIKE support (RFC-4555)
RFE: libreswan MOBIKE support (RFC-4555)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libreswan (Show other bugs)
7.5
All Linux
medium Severity medium
: rc
: ---
Assigned To: Paul Wouters
Ondrej Moriš
Mirek Jahoda
: FutureFeature
Depends On: 1460790
Blocks: 1490342
  Show dependency treegraph
 
Reported: 2017-07-17 08:13 EDT by Paul Wouters
Modified: 2018-04-10 13:23 EDT (History)
6 users (show)

See Also:
Fixed In Version: libreswan-3.22-5.el7
Doc Type: Enhancement
Doc Text:
_libreswan_ now supports IKEv2 MOBIKE This update introduces support for the IKEv2 Mobility and Multihoming (MOBIKE) protocol (RFC 4555) using the XFRM_MIGRATE mechanism through the "mobike=yes|no" option. MOBIKE enables seamless switching of networks, for example, Wi-Fi, LTE, and so on, without disturbing the IPsec tunnel.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 13:22:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0932 None None None 2018-04-10 13:23 EDT

  None (edit)
Description Paul Wouters 2017-07-17 08:13:30 EDT 
This document describes the MOBIKE protocol, a mobility and
   multihoming extension to Internet Key Exchange (IKEv2).  MOBIKE
   allows the IP addresses associated with IKEv2 and tunnel mode IPsec
   Security Associations to change.  A mobile Virtual Private Network
   (VPN) client could use MOBIKE to keep the connection with the VPN
   gateway active while moving from one address to another.  Similarly,
   a multihomed host could use MOBIKE to move the traffic to a different
   interface if, for instance, the one currently being used stops
   working.

This support requires a few recent fixes in the kernel. See associated bug for this status
Comment 6 Ondrej Moriš 2017-12-12 07:58:36 EST 
(In reply to Paul Wouters from comment #4)
> I will upload the test cases for testing, as these are not yet in public
> master upstream

Paul, I just get to this - do you have those test cases or any hint to test mobike support? I see that upstream test cases got updated with mobike=no but there are no mobike=yes test cases in master so far. BTW: ipsec.conf man page does not mention mobike option at all at the moment (3.22-2.el7).
Comment 7 Ondrej Moriš 2017-12-13 10:17:23 EST 
Moreover, from BZ#1460790#c4 I got an impression that MOBIKE libreswan client support is not yet done, or is it? I would like to use the following testing approach - libreswan server with mobike=yes, libreswan client from laptop having both wired and wireless connection with IPsec tunnel to server using wireless, then bringing down wireless connection should keep tunnel on using wired connection. Does it make sense?
Comment 8 Paul Wouters 2017-12-13 12:02:05 EST 
the client support is not yet in upstream or this build. Actually, the server side isn't in a public tree yet either and that one contains the test cases (using strongswan as client)

I'll see if mobike lands in master today or tomorrow. If not, I will attach the test cases here.

Note that you also need a patched kernel for this to work, as the mobike fixes have not yet been put into the rhel-7.5.0 kernel either
Comment 12 errata-xmlrpc 2018-04-10 13:22:34 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0932
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.