[Openswan dev] SADB_UPDATE messages

Paul Wouters paul at xelerance.com
Fri Dec 31 12:44:05 EST 2010


On Fri, 31 Dec 2010, Patricia de Noriega wrote:

> I'm a newbie using openswan and I need to evaluate the mobility issues of
> IPsec. I'd like to develop a simple client that can manage a tunnel
> established when a change of IP (src or dest) occurs without re-establishing
> it, i.e., when one of the end points changes its IP addr due to its mobile
> nature.

You should look at the various IETF work done in this aspect. I think
you might want to look at mobike? https://tools.ietf.org/html/rfc5265

> I think this could be managed by sending SADB_UPDATE messages to both
> kernels, updating the IP that is changing. My problem is, how can I do
> that? I have been reading the source code and many scripts but I haven't
> found anything relevant. Where can I add some code (or use existing code) to
> emulate this behaviour?

I would strongly recommend looking at existing work done in this area
and focus on adding such support to openswan, over any custom solutions
you might think of. There are many security implications.

Paul

