List: strongswan-users
Subject: Re: [strongSwan] host-to-host with NAT support
From: "Michael C. Cambria" <mcc () fid4 ! com>
Date: 2014-10-30 14:22:18
Message-ID: 5452499A.3070702 () fid4 ! com
Using rightsubnet=0.0.0.0/0 seems to be working.
On 10/29/2014 04:08 PM, Michael C. Cambria wrote:
> Hi,
>
> Is host to host supported when one side is behind NAT? I'm using
> strongSwan U5.1.2/K3.13.0-35-generic on Ubuntu 14.04 and IKEv2
>
>
> The configuration below only works when I explicitly tell the server
> what the IPv4 address is of the client that is behind NAT. e.g. I
> uncomment "rightsubnet=10.1.2.189/32", where 10.1.2.189 is the IP
> address behind NAT.
>
> Server side:
>
> conn S1
>     left=public-ip-address
>     leftcert=Cert.pem
>     leftfirewall=yes
>     right=%any
>     rightid=@user@example.com
>     #rightsubnet=10.1.2.189/32
>     auto=add
>
> Client (initiator) behind NAT side:
>
> conn C1
>     left=%defaultroute
>     leftcert=Cert1.pem
>     leftfirewall=yes
>     right=public-ip-address
>     rightid=@user@example.com
>     auto=add
>
>
> I don't always know what the IP address will be, otherwise I'd just
> specify it in the config. NAT seems to be detected, port 4500 is used
> and keep-alive sent.
>
> Does something else need to be enabled for this to work auto-magically?
>
> Thanks,
> MikeC
>
>
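
Added example, not part of the original messages and not strongSwan code: a simplified Python model of IKEv2 traffic-selector narrowing that shows why the server rejects the NATed client until rightsubnet covers its private address, and what rightsubnet=0.0.0.0/0 accepts compared with a tighter range. Assumptions: the client proposes its private address, a server with no rightsubnet accepts only the address it sees the peer at, 203.0.113.7 is a constructed NAT address and 10.1.2.0/24 is a hypothetical narrower setting.

```python
import ipaddress

CLIENT_PRIVATE = "10.1.2.189/32"   # client address behind NAT, from the thread
NAT_PUBLIC = "203.0.113.7/32"      # constructed: address the server sees the peer at
ANY = "0.0.0.0/0"                  # the rightsubnet value reported as working
NARROWER = "10.1.2.0/24"           # hypothetical tighter rightsubnet


def narrow(proposed, configured):
    """Simplified IKEv2 narrowing: keep the overlap between each proposed
    selector and each configured one. CIDR blocks either nest or are
    disjoint, so the overlap is always the smaller block."""
    accepted = []
    for p in map(ipaddress.ip_network, proposed):
        for c in map(ipaddress.ip_network, configured):
            if p.subnet_of(c):
                accepted.append(str(p))
            elif c.subnet_of(p):
                accepted.append(str(c))
    return accepted


def responder_selectors(rightsubnet, peer_seen_as):
    """Assumption: with no rightsubnet, the responder only accepts the
    address it observes the peer at, which behind NAT is the public one."""
    return [rightsubnet] if rightsubnet else [peer_seen_as]


def negotiate(proposed, rightsubnet=None, peer_seen_as=NAT_PUBLIC):
    """Return the selectors the modelled server would install for the peer."""
    return narrow(proposed, responder_selectors(rightsubnet, peer_seen_as))


if __name__ == "__main__":
    cases = [
        ("no rightsubnet", [CLIENT_PRIVATE], None),
        ("rightsubnet=10.1.2.189/32", [CLIENT_PRIVATE], CLIENT_PRIVATE),
        ("rightsubnet=0.0.0.0/0", [CLIENT_PRIVATE], ANY),
        ("0.0.0.0/0, peer proposes a /16", ["10.1.0.0/16"], ANY),
        ("10.1.2.0/24, peer proposes a /16", ["10.1.0.0/16"], NARROWER),
    ]
    for label, proposed, rightsubnet in cases:
        result = negotiate(proposed, rightsubnet)
        print(f"{label:34} -> {result or 'no acceptable selector'}")
```

In this model 0.0.0.0/0 installs whatever range the authenticated peer proposes, while a range limited to the networks clients are expected to sit in still handles an unknown client address and caps what is accepted.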