[strongSwan] host-to-host with NAT support
Michael C. Cambria
mcc at fid4.com
Thu Oct 30 15:22:18 CET 2014
Using rightsubnet=0.0.0.0/0 seems to be working.
On 10/29/2014 04:08 PM, Michael C. Cambria wrote:
> Hi,
>
> Is host to host supported when one side is behind NAT? I'm using
> strongSwan U5.1.2/K3.13.0-35-generic on Ubuntu 14.04 and IKEv2
>
>
> The configuration below only works when I explicitly tell the server
> what the IPv4 address is of the client that is behind NAT. e.g. I
> uncomment "rightsubnet=10.1.2.189/32", where 10.1.2.189 is the IP
> address behind NAT.
>
> Server side:
>
> conn S1
>     left=public-ip-address
>     leftcert=Cert.pem
>     leftfirewall=yes
>     right=%any
>     rightid=@user at example.com
>     #rightsubnet=10.1.2.189/32
>     auto=add
>
> Client (initiator) behind NAT side:
>
> conn C1
>     left=%defaultroute
>     leftcert=Cert1.pem
>     leftfirewall=yes
>     right=public-ip-address
>     rightid=@user at example.com
>     auto=add
>
>
> I don't always know what the IP address will be, otherwise I'd just
> specify it in the config. NAT seems to be detected, port 4500 is used
> and keep-alive sent.
>
> Does something else need to be enabled for this to work auto-magically?
>
> Thanks,
> MikeC
>
>