[strongSwan] How to do when the WAN's IP of NAT router is changed ?

TAMAMA! 844538316 at qq.com
Wed Dec 12 09:25:30 CET 2012


Hi all,


I've used strongSwan for some time, and I found a problem when using it in a situation where the WAN IP of the NAT router changes.

As shown in the following illustration, I use a computer as client alice, which is behind a NAT router. An IPsec tunnel is set up between alice and GATEWAY sun. Now the IP of CLIENT alice is IP11, the IP of GATEWAY sun is IP22, and the WAN IP of the NAT router is IP21.

                      _______________                      _______________
        IP11    IP12 |               | IP21          IP22 |               |
CLIENT --------------|  NAT Router   |--------------------|    GATEWAY    |
 alice               |_______________|                    |______sun______|

Before the WAN IP is changed, the IPsec tunnel is available, and CLIENT alice can communicate with GATEWAY sun. When the WAN IP of the NAT router, IP21, is changed to IP23 for some reason, the tunnel still exists, but CLIENT alice cannot communicate with GATEWAY sun anymore. GATEWAY sun cannot receive a DPD response from CLIENT alice, and the tunnel is deleted after the DPD timeout.

                      _______________                      _______________
        IP11    IP12 |               | IP23          IP22 |               |
CLIENT --------------|  NAT Router   |--------------------|    GATEWAY    |
 alice               |_______________|                    |______sun______|

There is no doubt that strongSwan does support NAT, but how do I configure strongSwan to support this situation? I checked the Configuration HOWTOs and the strongSwan UML tests on www.strongswan.org, but I cannot find any way to figure out this problem. My strongSwan version is 4.5.2 with Linux kernel 2.6.36.4; does it work? Or can the problem be figured out with the latest version of strongSwan, 4.6.4 or 5.0.0?

