[strongSwan] creating a VTI tunnel when both VPN servers are behind NAT
Florin Andrei
florin at andrei.myip.org
Tue Jul 9 23:50:02 CEST 2019
RHEL8, kernel 4.18.0, iproute2-ss180813, strongSwan 5.7.2
Two AWS instances with private IPs, and with EIPs associated to them -
effectively both are behind NAT.
site1:
instance IP: 10.0.1.254
EIP: 35.155.151.175
site2:
instance IP: 10.0.2.254
EIP: 52.25.225.42
Connections are defined like this:
conn site1-site2
left = 10.0.1.254
leftid = site1
leftsubnet = 0.0.0.0/0
right = 52.25.225.42
rightid = site2
rightsubnet = 0.0.0.0/0
mark = 12
conn site2-site1
left = 10.0.2.254
leftid = site2
leftsubnet = 0.0.0.0/0
right = 35.155.151.175
rightid = site1
rightsubnet = 0.0.0.0/0
mark = 12
How should I define the VTI tunnel? I've tried like this...
ip tunnel add vti0 local 10.0.1.254 remote 52.25.225.42 mode vti key 12
ip tunnel add vti0 local 10.0.2.254 remote 35.155.151.175 mode vti key 12
...but it doesn't seem to work.
This is the first time I've tried to set up VTI and I'm not sure how it
ought to work when both VPN servers are behind NAT.
--
Florin Andrei
http://florin.myip.org/
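As an added consistency check (not part of the post, and not strongSwan's own tooling), the script below parses the two conn sections quoted above, emits the ip tunnel command each one implies under the post's own convention (local = left, remote = right, key = mark), and verifies that both sides use the same mark and that each side's right address is the peer's public EIP rather than its private instance IP. It assumes the ipsec.conf "key = value" layout shown in the post and does not claim to resolve the NAT question.

```shell
#!/usr/bin/env bash
# Constructed sample: the two conn sections from the post, embedded inline.
IPSEC_CONF='conn site1-site2
left = 10.0.1.254
leftid = site1
leftsubnet = 0.0.0.0/0
right = 52.25.225.42
rightid = site2
rightsubnet = 0.0.0.0/0
mark = 12
conn site2-site1
left = 10.0.2.254
leftid = site2
leftsubnet = 0.0.0.0/0
right = 35.155.151.175
rightid = site1
rightsubnet = 0.0.0.0/0
mark = 12'

# conn_value NAME KEY: print the value of KEY inside section "conn NAME".
conn_value() {
  printf '%s\n' "$IPSEC_CONF" | awk -v name="$1" -v key="$2" '
    /^conn /                          { in_sec = ($2 == name); next }
    in_sec && $1 == key && $2 == "="  { print $3; exit }'
}

# vti_cmd NAME: the "ip tunnel add" line implied by conn NAME, following the
# convention used in the post (local=left, remote=right, key=mark).
vti_cmd() {
  local l r m
  l=$(conn_value "$1" left); r=$(conn_value "$1" right); m=$(conn_value "$1" mark)
  printf 'ip tunnel add vti0 local %s remote %s mode vti key %s\n' "$l" "$r" "$m"
}

# check_pair A B: both sides must carry the same mark (the XFRM mark and the
# VTI key have to line up on each end), and neither side may point "right" at
# an RFC 1918 address, which a NATed peer would never be reachable on.
check_pair() {
  local ma mb c
  ma=$(conn_value "$1" mark); mb=$(conn_value "$2" mark)
  [ "$ma" = "$mb" ] || { echo "mark mismatch: $ma vs $mb"; return 1; }
  for c in "$1" "$2"; do
    case "$(conn_value "$c" right)" in
      10.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|192.168.*)
        echo "$c: right is a private address, use the peer's EIP"; return 1 ;;
    esac
  done
  echo "ok: mark $ma on both sides"
}
```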