
List:       strongswan-users
Subject:    Re: [strongSwan] host-to-host with NAT support
From:       "Michael C. Cambria" <mcc () fid4 ! com>
Date:       2014-10-30 14:22:18
Message-ID: 5452499A.3070702 () fid4 ! com


Using rightsubnet=0.0.0.0/0 seems to be working.

On 10/29/2014 04:08 PM, Michael C. Cambria wrote:
> Hi,
>
> Is host to host supported when one side is behind NAT?  I'm using 
> strongSwan U5.1.2/K3.13.0-35-generic on Ubuntu 14.04 and IKEv2
>
>
> The configuration below only works when I explicitly tell the server 
> what the IPv4 address is of the client that is behind NAT. e.g. I 
> uncomment "rightsubnet=10.1.2.189/32", where 10.1.2.189 is the IP 
> address behind NAT.
>
> Server side:
>
> conn S1
>         left=public-ip-address
>         leftcert=Cert.pem
>         leftfirewall=yes
>         right=%any
>         rightid=@user@example.com
>         #rightsubnet=10.1.2.189/32
>         auto=add
>
> Client (initiator) behind NAT side:
>
> conn C1
>         left=%defaultroute
>         leftcert=Cert1.pem
>         leftfirewall=yes
>         right=public-ip-address
>         rightid=@user@example.com
>         auto=add
>
>
> I don't always know what the IP address will be, otherwise I'd just 
> specify it in the config. NAT seems to be detected, port 4500 is used 
> and keep-alive sent.
>
> Does something else need to be enabled for this to work auto-magically?
>
> Thanks,
> MikeC
>
>

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
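
An added example, not part of the original messages and not strongSwan code: a small Python check that parses ipsec.conf-style `conn` sections and flags responders that pair `right=%any` with a `rightsubnet` of prefix length 0, the combination the reply above settles on, so such conns can be reviewed alongside the firewall policy. The `S1-narrow` conn and its `10.1.2.0/24` value are constructed for contrast.

```python
import ipaddress

# Constructed sample: the thread's server conn with the reported workaround
# applied, plus a narrower conn (S1-narrow, 10.1.2.0/24) invented for contrast.
SAMPLE_CONF = """\
conn S1
        left=public-ip-address
        right=%any
        rightid=@user@example.com
        #rightsubnet=10.1.2.189/32
        rightsubnet=0.0.0.0/0
        auto=add

conn S1-narrow
        left=public-ip-address
        right=%any
        rightsubnet=10.1.2.0/24
        auto=add
"""

def parse_conns(text):
    """Return {conn name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def wide_open_selectors(conns):
    """List (conn, subnet) where right=%any meets a prefix-length-0 rightsubnet."""
    findings = []
    for name, opts in conns.items():
        if opts.get("right") != "%any":
            continue
        for subnet in opts.get("rightsubnet", "").split(","):
            try:
                net = ipaddress.ip_network(subnet.strip(), strict=False)
            except ValueError:                 # keywords such as %dynamic, or empty
                continue
            if net.prefixlen == 0:
                findings.append((name, subnet.strip()))
    return findings

if __name__ == "__main__":
    for name, subnet in wide_open_selectors(parse_conns(SAMPLE_CONF)):
        print(f"conn {name}: right=%any with rightsubnet={subnet}")
```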