Peter,

At least with Cisco hubs this is standard behaviour. There is no way
for NHRP to disambiguate between two different IPSec peers that have
the same global address. In theory, if the source ports were NATed it
might be possible to use that; Cisco doesn't, and I don't believe that
opennhrp can either.

Sorry, hope that someone else has a workaround,

-JohnF

On Tue, Jun 7, 2016 at 12:50 PM,  <pbar...@netprotec.com> wrote:
> After figuring out my issue and DMVPN working as expected in my lab, I
> decided to increase the complexity to real world situations by putting one
> spoke behind a firewall and relying on NAT.  This still worked perfectly and
> ipsec tunnels connected with no issue.  However, when I placed the second
> spoke behind a firewall with NAT I have not been able to complete the ipsec
> tunnel connection. Before I start providing configurations and logs I was
> wondering if there was a simple answer to this. I have searched strongswan
> forums and opennhrp and have found nothing to tell me that this should or
> should not work.
>
> Thanks,
>
> --
> Peter Barton
>
>
>
>
> --------- Original Message ---------
> Subject: Re: [opennhrp-devel] Quagga-NHRP
> From: pbar...@netprotec.com
> Date: 5/28/16 9:38 am
> To: "Timo Teras" <timo.te...@iki.fi>
> Cc: opennhrp-devel@lists.sourceforge.net
>
> I figured out my problem: I assumed that since "ip forwarding" was set inside
> "vtysh" that it was also set for sysctl.  I set net.ipv4.ip_forward=1 and
> everything started working!
>
> Thanks for the great product!
>
> --
> Peter Barton
>
> --------- Original Message ---------
> Subject: Re: [opennhrp-devel] Quagga-NHRP
> From: "Timo Teras" <timo.te...@iki.fi>
> Date: 5/27/16 12:17 am
> To: pbar...@netprotec.com
> Cc: opennhrp-devel@lists.sourceforge.net
>
> On Thu, 26 May 2016 20:14:49 -0700
> pbar...@netprotec.com wrote:
>
>> I emailed this to the quagga-users list but I was not sure where you
>> would want it so I copied it here as well.
>>
>> I have been working through the Dynamic Multipoint VPN (DMVPN) Phase 3
>> with Quagga NHRPd and I have successfully configured a Hub and 2
>> Spokes. I am able to nail up two IPSEC encrypted GRE tunnels between
>> Spoke1 -> Hub and Spoke2 -> Hub. BGP is sharing all routes between
>> all 3 points. However, when I attempt to connect between
>> Spoke1-Spoke2 Phase 3 never occurs and no direct tunnel is even
>> attempted to connect.
>
> Did you configure the iptables rule on hub required for the redirect
> notifications?
>
> See:
> http://git.alpinelinux.org/cgit/user/tteras/quagga/tree/nhrpd/README.nhrpd?h=nhrp#n85
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning reports.
> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> _______________________________________________
> opennhrp-devel mailing list opennhrp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
>
