<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div>I've tried to use the examples to set up a test of my own involving NAT, but I haven't been able to get it to work. I'll list as much of what's going on here in hopes you can show me what I'm missing.<br><br>There are two machines communicating, Alice and Bob.<br><br>Alice: a Fedora VM on a Windows PC<br>Bob: a Fedora computer<br><br>Alice uses NAT to access the network through the hosting PC to avoid network conflicts. That's the biggest difference between my setup and the examples. There aren't two NAT machines making a tunnel; I'm trying to make a tunnel between two machines, one of which is using NAT to talk to the network.<br><br>
<pre>
NAT
AliceVM&lt;-------&gt;PC&lt;------------&gt;Bob
</pre>
Thus far I can get Alice and Bob to negotiate a tunnel and their logs clearly show everything is working, and yet no data between the two is encrypted. I use Wireshark to watch the packets. When I examine the xfrm information on Bob, it shows that the IP address in the table is that of the PC and not the VM. When running 'ipsec status' it shows that the IP address for Alice is that of the VM.<br><br>Alice's ipsec.conf:
<pre>
conn alice-to-bob
    left=%any
    leftcert=alice_cert.der
    leftid="alice@here"
    leftsubnet=192.168.140.0/24
    leftfirewall=yes
    right=192.168.15.177
    rightallowany=yes
    rightsubnet=192.168.15.0/24
    rightid="bob@there"
</pre>
Bob's ipsec.conf:
<pre>
conn alice-to-bob
    left=192.168.15.177
    leftcert=bob_cert.der
    leftid="bob@there"
    right=%any
    rightallowany=yes
    rightsubnet=192.168.140.0/24
    rightid="alice@here"
    auto=add
</pre>
I don't have the "leftsubnet" and "leftfirewall" in Bob's ipsec.conf because when I do that, the system's networking locks up for some reason. One thing I wonder about is that the 'system lockup' might be because the tunnel is actually functioning, but there are issues with my X session (using Xming) from my PC (that's also running the Alice VM) to Bob.<br><br>So, again, the real issue with this setup as it is currently is that the negotiation happens and strongSwan seems to create a tunnel, but no data encryption is actually happening. That's the main problem. I included the second issue only to demonstrate one other way I tried to solve the problem and get data encryption to happen.<br><br>I can't really get the logs off of these machines because their network is cut off. If they're needed I can type relevant information from them manually, though. I hope that's enough information for you all to be able to give me some guidance.<br><br>Thanks much for your help.<br><br>Dave<br></div>
</div><br>
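<div>The check a responder would ask Dave to run, added here as an example that is not part of the post above and not strongSwan's own code: a small Python parser over the text that <code>ip xfrm policy</code> and <code>ip -s xfrm state</code> print, reporting whether a given flow matches an outbound policy (and so gets handed to ESP instead of being sent in the clear) and whether the installed SAs have carried any bytes. The sample output is constructed for Bob's side; the PC's NAT address (192.168.15.20) and the VM's address (192.168.140.10) are assumptions, not values from the post.</div>

```python
"""Diagnose why a negotiated IPsec tunnel carries no ESP traffic.

Added example, not from the original post or from strongSwan. It parses
the text format of `ip xfrm policy` and `ip -s xfrm state` and answers two
questions: would a given flow match an outbound policy (and so be
encrypted rather than sent in the clear), and have the SAs carried any
bytes at all?  The sample output below is constructed; the PC's NAT
address (192.168.15.20) and the VM address (192.168.140.10) are assumptions.
"""
import ipaddress
import re

# Constructed sample of `ip xfrm policy` on Bob. Bob has no leftsubnet, so
# the local selector narrowed to Bob's own host address (/32).
SAMPLE_POLICY = """\
src 192.168.15.177/32 dst 192.168.140.0/24
    dir out priority 375423 ptype main
    tmpl src 192.168.15.177 dst 192.168.15.20
        proto esp reqid 1 mode tunnel
src 192.168.140.0/24 dst 192.168.15.177/32
    dir fwd priority 375423 ptype main
    tmpl src 192.168.15.20 dst 192.168.15.177
        proto esp reqid 1 mode tunnel
src 192.168.140.0/24 dst 192.168.15.177/32
    dir in priority 375423 ptype main
    tmpl src 192.168.15.20 dst 192.168.15.177
        proto esp reqid 1 mode tunnel
"""

# Constructed sample of `ip -s xfrm state` on Bob. The outer addresses are
# Bob and the PC (the address Alice is seen from behind NAT), the UDP
# encapsulation line marks NAT traversal, and the counters are still zero.
SAMPLE_STATE = """\
src 192.168.15.177 dst 192.168.15.20
    proto esp spi 0xc1d2e3f4 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    enc cbc(aes) 0x00000000000000000000000000000000
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
    lifetime current:
      0(bytes), 0(packets)
src 192.168.15.20 dst 192.168.15.177
    proto esp spi 0xa1b2c3d4 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    enc cbc(aes) 0x00000000000000000000000000000000
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
    lifetime current:
      0(bytes), 0(packets)
"""


def _entries(text):
    """Split `ip xfrm` output into entries; each starts with an unindented 'src' line."""
    entries, current = [], []
    for line in text.splitlines():
        if line.startswith("src ") and current:
            entries.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        entries.append("\n".join(current))
    return entries


def parse_policies(text):
    """Return traffic selectors (as networks) and direction of each policy."""
    policies = []
    for entry in _entries(text):
        m = re.match(r"src (\S+) dst (\S+)\n\s+dir (\w+)", entry)
        if m:
            policies.append({
                "src": ipaddress.ip_network(m.group(1), strict=False),
                "dst": ipaddress.ip_network(m.group(2), strict=False),
                "dir": m.group(3),
            })
    return policies


def parse_states(text):
    """Return outer addresses, SPI, byte counters and NAT-T flag of each SA."""
    states = []
    for entry in _entries(text):
        head = re.match(r"src (\S+) dst (\S+)\n\s+proto (\w+) spi (0x[0-9a-f]+)", entry)
        if not head:
            continue
        counters = re.search(r"(\d+)\(bytes\), (\d+)\(packets\)", entry)
        states.append({
            "src": head.group(1), "dst": head.group(2),
            "proto": head.group(3), "spi": head.group(4),
            "bytes": int(counters.group(1)) if counters else 0,
            "packets": int(counters.group(2)) if counters else 0,
            "nat_t": "encap type espinudp" in entry,
        })
    return states


def outbound_policy_covers(policies, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches a 'dir out' policy.

    A packet matching no policy is forwarded in plaintext by the kernel.
    """
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(p["dir"] == "out" and s in p["src"] and d in p["dst"] for p in policies)


def diagnose(policy_text, state_text, src_ip, dst_ip):
    """Summarise policy coverage for one flow plus SA health in one dict."""
    policies, states = parse_policies(policy_text), parse_states(state_text)
    return {
        "policy_covers_flow": outbound_policy_covers(policies, src_ip, dst_ip),
        "esp_sas": len(states),
        "esp_bytes": sum(s["bytes"] for s in states),
        "nat_traversal": any(s["nat_t"] for s in states),
        "outer_peers": sorted({s["src"] for s in states} | {s["dst"] for s in states}),
    }


if __name__ == "__main__":
    # Bob's own host talking to the VM is covered; another LAN host is not.
    for src in ("192.168.15.177", "192.168.15.50"):
        print(src, "->", "192.168.140.10", diagnose(SAMPLE_POLICY, SAMPLE_STATE, src, "192.168.140.10"))
```

<div>Two things the output makes visible: the SA's outer addresses are the ones the peers reach each other by (here Bob and the PC, with <code>espinudp</code> marking UDP encapsulation for NAT traversal), while the subnets only appear in the policy selectors; and a flow whose addresses fall outside every <code>dir out</code> selector, such as another 192.168.15.0/24 host once Bob's local selector has narrowed to a /32, is sent in the clear even though the SAs exist, which is what zero byte counters next to a successfully negotiated tunnel look like.</div>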
</body></html>