[Openswan dev] SADB_UPDATE messages

Patricia de Noriega pnoriega at it.uc3m.es
Fri Dec 31 13:13:19 EST 2010


On 31 December 2010 18:44, Paul Wouters <paul at xelerance.com> wrote:

> On Fri, 31 Dec 2010, Patricia de Noriega wrote:
>
>> I'm a newbie using openswan and I need to evaluate the mobility issues of
>> IPsec. I'd like to develop a simple client that can manage a tunnel
>> established when a change of IP (src or dest) occurs without re-establishing
>> it, i.e., when one of the end points changes its IP addr due to its mobile
>> nature.
>>
>
> You should look at the various IETF work done in this aspect. I think
> you might want to look at mobike? https://tools.ietf.org/html/rfc5265
>
>
>
I didn't know this RFC, I'll take a look. This is my first job related to
security. Thanks.


>> I think this could be managed by sending SADB_UPDATE messages to both
>> kernels updating the IP that is changing. My problem is, how can I do
>> that? I have been reading the source code and many scripts but I haven't
>> found anything relevant. Where can I add some code (or use existing code) to
>> emulate this behaviour?
>>
>
> I would strongly recommend looking at existing work done in this area
> and focus on adding such support to openswan, over any custom solutions
> you might think of. There are many security implications.
>
>
Does any work on this exist? Where can I find it? :)

Don't mind the security implications. My work (researcher) consists of
evaluating these implications in order to use an IPsec modification (my
original scenario uses IPsec) to provide mobility.

Thanks again!


> Paul
>