Dear team-members,
How do I get MOBIKE kernel support in kubuntu 20.04.1 LTS?
I've got a vpn-ipsec setup successfully working using Libreswan.
As soon I activate the MOBIKE in the config, the vpn will not start.
It stat:
As there isn't much info on the net how to get this kernel support, perhaps one of the members here can help me out.
Thank you in advance.
iosis
Info about mobike at libreswan-man: (source: https://libreswan.org/man/ipsec.conf.5.html)
software and os version
ipsec-configuration
How do I get MOBIKE kernel support in kubuntu 20.04.1 LTS?
I've got a vpn-ipsec setup successfully working using Libreswan.
As soon I activate the MOBIKE in the config, the vpn will not start.
It stat:
MOBIKE kernel support missing for netkey interface: CONFIG_XFRM_MIGRATE && CONFIG_NET_KEY_MIGRATE
As there isn't much info on the net how to get this kernel support, perhaps one of the members here can help me out.
Thank you in advance.
iosis
Info about mobike at libreswan-man: (source: https://libreswan.org/man/ipsec.conf.5.html)
mobike
Whether to allow MOBIKE (RFC 4555) to enable a connection to migrate its endpoint without needing to restart the connection from scratch.
This is used on mobile devices that switch between wired, wireless or mobile data connections.
Current values are no (the default) or yes, Only connection acting as modecfgclient will allow the initiator to migrate using mobike.
Only connections acting as modecfgserver will allow clients to migrate.
VTI and MOBIKE might not work well when used together.
Whether to allow MOBIKE (RFC 4555) to enable a connection to migrate its endpoint without needing to restart the connection from scratch.
This is used on mobile devices that switch between wired, wireless or mobile data connections.
Current values are no (the default) or yes, Only connection acting as modecfgclient will allow the initiator to migrate using mobike.
Only connections acting as modecfgserver will allow clients to migrate.
VTI and MOBIKE might not work well when used together.
software and os version
Linux Libreswan 3.29 (netkey) on 5.4.0-58-generic
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
ipsec-configuration
config setup
plutodebug=none
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn xs2examplecom
authby=rsasig
ikev2=insist
narrowing=yes
auto=start
dpddelay=5m
dpdtimeout=30m
dpdaction=clear
# mobike=yes
right=%defaultroute
rightcert=#########
rightid=%fromcert
rightrsasigkey=%cert
rightxauthclient=yes
rightmodecfgclient=yes
left=example.com
leftid=%fromcert
leftsubnet=###.###.###.###/##
leftxauthserver=yes
leftmodecfgserver=yes
leftca=%same
plutodebug=none
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn xs2examplecom
authby=rsasig
ikev2=insist
narrowing=yes
auto=start
dpddelay=5m
dpdtimeout=30m
dpdaction=clear
# mobike=yes
right=%defaultroute
rightcert=#########
rightid=%fromcert
rightrsasigkey=%cert
rightxauthclient=yes
rightmodecfgclient=yes
left=example.com
leftid=%fromcert
leftsubnet=###.###.###.###/##
leftxauthserver=yes
leftmodecfgserver=yes
leftca=%same
Comment