[strongSwan] doubt strongswan after nat
Ricardo Barbosa
spiderslack at yahoo.com.br
Tue May 8 22:49:48 CEST 2012
Hi all.
I have a enviroment with one server pfsense and server ubuntu with ubuntu. follow topology
192.168.1.0/24 - pfsense - 192.168.254.1 - modem - internet - modem - 10.1.1.2 ubuntu strongswan - 192.168.2.0/24
my config
config setup
nat_traversal=yes
charonstart=yes
plutostart=yes
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn pfsense_ic
type=tunnel
authby=secret
auth=esp
pfs=yes
rekey=yes
auto=add
keylife=8h
keyingtries=0
keyexchange=ike
ike=aes256-sha1-modp1536
esp=aes256-sha1-modp1536
# Linux openswan
left=x.x.x.x # ip public
leftsubnet=192.168.1.0/24 # network internal
leftid=@hc.mitsubishi.corp
# pfsense IC
right=x.x.x.x # ip public
rightsubnet=192.168.2.0/24 # network internal
rightid=@ic.mitsubishi.corp
but not worked, The names "hc.mitsubishi.corp" and "ic.mitsubishi.corp" are just symbolic names, labels correct? any idea?
Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120508/7a8ca811/attachment.html>
More information about the Users
mailing list