[strongSwan] Telnet over a tunnel using Local IP (rather than Public IP)
Thomas Egerer
thomas.egerer at secunet.com
Tue Jan 3 13:15:13 CET 2012
> config setup
>     charonstart=yes
>     #nat_traversal = yes
>     nat_traversal = no
>     plutostart=yes
>     plutodebug=all
>     plutostderrlog =/var/log/pluto.log
>
> conn %default
>     keyexchange=ikev1
>     type=tunnel
>     auth=esp
>     authby=psk
>     auto=start
>     ikelifetime=28800
>     left=xl.xl.xl.xl
>     leftnexthop=%defaultroute
>
>
> conn umb
>     leftsourceip=xl.xl.xl.xl
>     leftsubnet=xp.xp.xp.xp/32
>     right=<Public IP of peer>
>     rightsubnet=<xr.xr.xr.xr>/32
>     esp=3des-md5
>     ike=3des-md5-modp1024
>     pfs=no
>
> Please suggest.
Alright, sorry for the delay. As far as I understand, your config
is supposed to look like this:
conn %default
    keyexchange=ikev1
    type=tunnel
    auth=esp
    authby=psk
    auto=start
    ikelifetime=28800
    left=xp.xp.xp.xp
    leftnexthop=%defaultroute

conn umb
    leftsubnet=xl.xl.xl.xl/32
    right=<Public IP of peer>
    rightsubnet=<xr.xr.xr.xr>/32
    esp=3des-md5
    ike=3des-md5-modp1024
    pfs=no

I do not understand how your original config could ever successfully
establish a tunnel, if your firewall only accepts packets from xp.xp.xp.xp.
Your config shared your public network and used the private IP address
as tunnel endpoint.

Cheers
Thomas
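An added example that is not part of the thread or of strongSwan itself: a small Python checker that parses an ipsec.conf into sections, applies `conn %default` inheritance the way the daemon does, and flags the mistake discussed above, namely a private (RFC 1918) address used as the IKE endpoint in `left` while the public host sits in `leftsubnet`. The two sample configs, the addresses in them (RFC 1918 and RFC 5737 ranges standing in for xl/xp/xr) and the function names are all constructed for this example.

```python
"""Lint an ipsec.conf for the "private address as tunnel endpoint" mistake.

Added example, not strongSwan code. The parser follows the ipsec.conf layout:
section headers ('config setup', 'conn NAME') at column 0, parameters as
indented key=value lines, '#' starting a comment.
"""
import ipaddress
from typing import Dict, List, Optional

Section = Dict[str, str]
Config = Dict[str, Section]

# RFC 1918 ranges; checked explicitly rather than via ipaddress.is_private,
# which would also classify the RFC 5737 documentation ranges used below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the original poster's shape (private address in left,
# public /32 in leftsubnet). 10.0.0.5 plays xl, 192.0.2.10 plays xp.
SAMPLE_BAD = """\
config setup
    charonstart=yes
    #nat_traversal = yes
    nat_traversal = no
    plutostart=yes
    plutostderrlog =/var/log/pluto.log

conn %default
    keyexchange=ikev1
    type=tunnel
    authby=psk
    auto=start
    ikelifetime=28800
    left=10.0.0.5
    leftnexthop=%defaultroute

conn umb
    leftsourceip=10.0.0.5
    leftsubnet=192.0.2.10/32
    right=198.51.100.7
    rightsubnet=203.0.113.9/32
    esp=3des-md5
    ike=3des-md5-modp1024
    pfs=no
"""

# Constructed sample: the corrected shape from the reply (public address as
# endpoint, private host as the protected subnet).
SAMPLE_GOOD = SAMPLE_BAD.replace("left=10.0.0.5", "left=192.0.2.10") \
                        .replace("leftsourceip=10.0.0.5\n", "") \
                        .replace("leftsubnet=192.0.2.10/32",
                                 "leftsubnet=10.0.0.5/32")


def parse_ipsec_conf(text: str) -> Config:
    """Return {"conn umb": {"left": ...}, "config setup": {...}, ...}."""
    sections: Config = {}
    current: Optional[Section] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():               # section header at column 0
            kind, _, name = line.strip().partition(" ")
            current = sections.setdefault(f"{kind} {name.strip()}", {})
            continue
        if current is None:
            raise ValueError(f"parameter outside any section: {line!r}")
        key, sep, value = line.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed parameter line: {line!r}")
        current[key.strip()] = value.strip()
    return sections


def resolve_conn(conf: Config, name: str) -> Section:
    """Merge 'conn %default' underneath the named conn, as the daemon does."""
    merged = dict(conf.get("conn %default", {}))
    merged.update(conf[f"conn {name}"])
    return merged


def _as_address(value: str):
    """IP address or None for %defaultroute, %any, hostnames, placeholders."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def is_rfc1918(addr) -> bool:
    return any(addr in net for net in RFC1918)


def check_endpoint(conf: Config, name: str) -> List[str]:
    """Flag a private IKE endpoint, and left/leftsubnet that look swapped."""
    conn = resolve_conn(conf, name)
    findings: List[str] = []
    left = _as_address(conn.get("left", ""))
    left_private = left is not None and is_rfc1918(left)
    if left_private:
        findings.append(f"conn {name}: left={left} is an RFC 1918 address; "
                        "the peer sees and filters on the public address")
    subnet = conn.get("leftsubnet", "")
    if "/" in subnet:
        net = ipaddress.ip_network(subnet, strict=False)
        single_host = net.prefixlen == net.max_prefixlen
        if single_host and left_private and not is_rfc1918(net.network_address):
            findings.append(f"conn {name}: leftsubnet={subnet} is a single "
                            "public host while left is private; left and "
                            "leftsubnet look swapped")
    return findings


if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_endpoint(parse_ipsec_conf(text), "umb") or "ok")
```

Run it on a real ipsec.conf by reading the file into `parse_ipsec_conf`; the check is deliberately narrow (RFC 1918 endpoint, public /32 in `leftsubnet`) so it stays silent on legitimate road-warrior setups that use `%defaultroute` or `%any`.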