On 23/07/2021 00:57, Allen Dial via discuss wrote:
> Hello,
>
> I am wondering if anyone knows how to set up ovs-ipsec using NAT traversal,
> the documentation shows that one can use ovs-ipsec provided both sides of the
> tunnel have accessible public IP addresses, but I am interested in setting up
> two switches where only one side has a public IP and the other is behind NAT.
> The situation is such that I cannot do port forwarding on the router either.
> NAT traversal is a common practice in IPsec for implementations outside of
> OVS, but I don't know if that functionality has made it to OVS.
>
> As there are no instructions for this type of topology in the documentation,
> I am hoping there is someone on this list that has accomplished it.

Libreswan should support NAT-traversal. I have not personally tried it but this bug was raised suggesting that there may be a problem with it:

https://bugzilla.redhat.com/show_bug.cgi?id=1935599

Have you tried something like this setup? Are you using Libreswan or Strongswan?

> Thank you,
> Allen
>
> _______________________________________________
> discuss mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
