[strongSwan] Telnet over a tunnel using Local IP (rather than Public IP)
anupam.malhotra at u2opiamobile.com
Mon Dec 26 08:31:30 CET 2011
Thanks for the useful insight. In my ipsec.conf file, "left" is indeed set
to my localIP (xl.xl.xl.xl). However, I tried setting that to my public IP
(xp.xp.xp.xp) (keeping all other configurations same). In that case the
tunnel is not coming up. You are right that my peer is not strongswan. Here
is my Ipsec.conf file:
#nat_traversal = yes
nat_traversal = no
right=<Public IP of peer>
From: Thomas Egerer [mailto:thomas.egerer at secunet.com]
Sent: Friday, December 23, 2011 7:13 PM
To: Anupam Malhotra
Cc: 'gowrishankar'; users at lists.strongswan.org
Subject: Re: [strongSwan] Telnet over a tunnel using Local IP (rather than
On 12/23/2011 11:17 AM, Anupam Malhotra wrote:
> Hi Thomas
> The IKE_SA-negotiation is not failing. The tunnel is coming up. Only
> issue is that the local IP is being seen at the remote end (rather
> than the public IP).
Your output 'ip x s s' tells me, that your tunnel-endpoint on the local side
of the box running strongswan is your *local* ip-address.
> src <remote IP: xr.xr.xr.xr> dst <local IP:xl.xl.xl.xl> src <local IP:
> xl.xl.xl.xl> <remote IP: xr.xr.xr.xr>
This is only the case if your config tells strongswan to do so. If your peer
only accepts ESP packets from xp.xp.xp.xp then your tunnel-endpoint (left in
ipsec.conf) is supposed to say so. If that tunnel cannot be created you
should consult the log file. Your peer should have the config modified
Let us look at your ipsec.conf, maybe we can figure it out then.
Your peer is no strongswan, I assume?
More information about the Users