[strongSwan] host-to-host with NAT support
Michael C. Cambria
mcc at fid4.com
Wed Oct 29 21:08:51 CET 2014
Hi,
Is host to host supported when one side is behind NAT? I'm using
strongSwan U5.1.2/K3.13.0-35-generic on Ubuntu 14.04 and IKEv2.
The configuration below only works when I explicitly tell the server
what the IPv4 address is of the client that is behind NAT. e.g. I
uncomment "rightsubnet=10.1.2.189/32", where 10.1.2.189 is the IP
address behind NAT.
Server side:
conn S1
    left=public-ip-address
    leftcert=Cert.pem
    leftfirewall=yes
    right=%any
    rightid=@user at example.com
    #rightsubnet=10.1.2.189/32
    auto=add
Client (initiator) behind NAT side:
conn C1
    left=%defaultroute
    leftcert=Cert1.pem
    leftfirewall=yes
    right=public-ip-address
    rightid=@user at example.com
    auto=add
I don't always know what the IP address will be, otherwise I'd just
specify it in the config. NAT seems to be detected, port 4500 is used
and keep-alives are sent.
Does something else need to be enabled for this to work auto-magically?
Thanks,
MikeC