[strongSwan] Question on IKEv2 + farp example
Noel Kuntze
noel at familie-kuntze.de
Sun Oct 12 21:02:12 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Rolf,
I'm not sure if it works, because farp sends ARP messages for the whole pool,
not just the currently addresses that are given to peers using MODE_CONFIG or QUICK_MODE.
NAT shouldn't be a problem, if you only apply it to packets that aren't handled by ipsec and only going to the WAN.
I think it should work alright from the peer's viewpoint, if the firewall on the gateway is set up correctly.
A friendly note: Make your gateway push bypass policies for the LAN to clients that are in your LAN.
That way traffic for the LAN won't be routed over the gateway.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 12.10.2014 um 16:34 schrieb Dr. Rolf Jansen:
> I am referring to the example setup given at http://www.strongswan.org/uml/testresults/ikev2/farp/index.html.
>
> My question is, whether carol and dave do have access to the web server winnetou from within the internal network by the way of a NAT'ing moon?
>
> Best regards
>
> Rolf
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJUOtA0AAoJEDg5KY9j7GZYMcUP/3/X0kdlkcorDUXN9Ln3yY/J
Vw/6goJ0UOS4wQHeWgOSgCtAd0MvSp3n3Xk88HXgCiqkpJpyuz+bb0E1NCjSz/Kv
WWQmj9LiPYzGagvN/H1u4cm08t27XYrFT56g90tOG2eY9wojKknfLhsK0jT/R2/u
xQ+Di7hcaWgyeFrBcBoB/LW0BTnPqA1Eq2lk/cO3V54EobpbpeXU8XHjRIjyKVIp
+OnPNyWkwDTRqht8Ae2G1VO+E2szLsLnmdO+OdKr1jwtVgtdUElEH8u/xLfm5/EZ
xhpyOb+7lYIjzlRD2VjiwBiB++KQv3RgsoKeLOK2s5QAiGndaFbWZxU21m5igGqL
rJEY5SrczcZun33h0RPbAxXJH9P6P3V+ITvusOnVNvlI7swA16rjoaGRiRd41Unr
92dVhLp8WNHStZyAvWseWXwG2WTe2aplxVkHHXF6MvbSg/uInZ9tN3HPQ7Q7XqhK
XfsyXgfoU//YolfpqcvMYDh3EKTV6Yw0RSs2tGqmUeAP6gfpSVsXGa6AuZhkR9iE
vBRLzyOokm6hgmtqQJREk/IWIg3oyBDLkqsexK1/bkToCjRYHf9mNVCBXiS1t/D3
hI+r4UWt+N99n7Iqu9QrK0hQ9ZBhiTKmSrqttgNAvhkDlNMrrTO0kIo0ZLJcNeuN
+oyz9wR1/w/FbLIC+22X
=ArEU
-----END PGP SIGNATURE-----
More information about the Users
mailing list