[strongSwan] IPSec SA's not coming up when the device is behind a NAT
deepi7.agarwal at gmail.com
Wed Apr 11 09:01:35 CEST 2012
I'm trying to set up an IPSec session using strongSwan when the client
device is behind a NAT router.
Here are the setup details:
Client ======================NAT router==========================IPSEC
192.168.0.100 192.168.0.1 192.168.1.10
Subnet1 (192.168.5.2) is pingable from the client machine (192.168.0.100).
The tunnel should automatically come up whenever there is any traffic
from the client machine to Subnet1 (192.168.5.2). The tunnel should be
established between the client (192.168.0.100) and
Here is the ipsec.conf on client:
ipsec.conf on server:
When I send some traffic from the client to 192.168.5.2 (subnet 1),
the IKE SAs are created, but the IPSec SAs are not coming up.
Nor am I getting the ping reply on the client machine.
However, ESP packets are being sent from client to server as:
Encrypted: src:192.168.1.10 dest: 192.168.1.154
After decryption: src:192.168.0.100 dest:192.168.5.2
But the server is not able to send any reply to this ESP packet.
Please suggest if I'm missing something in the server configuration file.
Thanks in advance
If you think you can or if you think you can't, you are right.