[strongSwan] doubt strongswan after nat
Andreas Steffen
andreas.steffen at strongswan.org
Wed May 9 06:35:54 CEST 2012
Hello Ricardo,
a strongSwan log would be really helpful in diagnosing the situation.
Regards
Andreas
On 05/08/2012 10:49 PM, Ricardo Barbosa wrote:
> Hi all.
>
> I have a enviroment with one server pfsense and server ubuntu with
> ubuntu. follow topology
>
> 192.168.1.0/24 - pfsense - 192.168.254.1 - modem - internet - modem -
> 10.1.1.2 ubuntu strongswan - 192.168.2.0/24
>
> my config
>
> config setup
> nat_traversal=yes
> charonstart=yes
> plutostart=yes
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> authby=secret
> keyexchange=ikev2
> mobike=no
> conn pfsense_ic
> type=tunnel
> authby=secret
> auth=esp
> pfs=yes
> rekey=yes
> auto=add
> keylife=8h
> keyingtries=0
> keyexchange=ike
> ike=aes256-sha1-modp1536
> esp=aes256-sha1-modp1536
> # Linux openswan
> left=x.x.x.x # ip public
> leftsubnet=192.168.1.0/24 # network internal
> leftid=@hc.mitsubishi.corp
> # pfsense IC
> right=x.x.x.x # ip public
> rightsubnet=192.168.2.0/24 # network internal
> rightid=@ic.mitsubishi.corp
>
>
> but not worked, The names "hc.mitsubishi.corp" and "ic.mitsubishi.corp"
> are just symbolic names, labels correct? any idea?
>
> Regards
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list