[strongSwan] does Strongswan 4.3.6 support PAT - Transport Mode?
Andreas Steffen
andreas.steffen at strongswan.org
Tue Jun 22 19:40:15 CEST 2010
Hello Cristina,
strongSwan does not support multiple IPsec peers requesting
transport mode and hiding behind the same NAT-router.
Best regards
Andreas
On 22.06.2010 18:56, Cristina Vintila wrote:
> Hello
>
> Quick question, please: does Strongswan know how to deal with multiple
> connections when I do a PAT type of NAT-T for IKEv1? - Transport mode
>
> I have enabled nat_traversal, and I have 2 connections, one coming from
> 192.168.0.2:4503 <http://192.168.0.2:4503>, and the other coming from
> 192.168.0.2:4504 <http://192.168.0.2:4504>. Only one of the connections
> gets past the Quick Mode.
> For the second one I get:
>
> Jun 22 19:12:54 IXRO-SMLOAD-DB1 pluto[2380]: | route owner of "net2"[8]
> 192.168.0.2:4504 <http://192.168.0.2:4504> unrouted: "net1"[3]
> 192.168.0.2:4503 <http://192.168.0.2:4503> erouted; eroute
> owner: "net1"[3] 192.168.0.2:4503 <http://192.168.0.2:4503> erouted
> Jun 22 19:12:54 IXRO-SMLOAD-DB1 pluto[2380]: "net2"[8] 192.168.0.2:4504
> <http://192.168.0.2:4504> #16: cannot install eroute -- it is in use for
> "net1"[3] 192.168.0.2:4 <http://192.168.0.2:4>
> 503 #15
>
> This is transport mode. And individually both of the connections get
> established, only together they get mixed up.
>
> I must be doing something wrong. Could you please help me?
>
> Thanks,
> Cristina
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3430 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100622/bf81bd5b/attachment.bin>
More information about the Users
mailing list