Hi,

Rather than simply having an ipsec tunnel with NAT traversal, the goal is to have an ovs-ipsec tunnel.

Unless I'm misunderstanding, I was under the impression that ovs could create and maintain ipsec tunnels from within ovs-ipsec and just relies on libreswan or strongswan daemons as implementation. If I attempt your suggestion, can the tunnel created from within libreswan or strongswan directly still be controlled and maintained from ovs-ipsec?

Thank you.

On Jul 23, 2021, 1:51 AM -0600, Mark Gray <[email protected]>, wrote:
> On 23/07/2021 00:57, Allen Dial via discuss wrote:
> > Hello,
> >
> > I am wondering if anyone knows how to set up ovs-ipsec using NAT traversal,
> > the documentation shows that one can use ovs-ipsec provided both sides of
> > the tunnel have accessible public IP addresses, but I am interested in
> > setting up two switches where only one side has a public IP and the other
> > is behind NAT. The situation is such that I cannot do port forwarding on
> > the router either. NAT traversal is a common practice in ipsec for
> > implementations outside of OVS, but I don't know if that functionality has
> > made it to OVS.
> >
> > As there are no instructions for this type of topology in the
> > documentation, I am hoping there is someone on this list that has
> > accomplished it.
>
> Libreswan should support NAT-traversal. I have not personally tried it
> but this bug was raised suggesting that there may be a problem with it:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1935599
>
> Have you tried something like this setup? Are you using Libreswan or
> Strongswan?
>
> > Thank you,
> > Allen
> >
> > _______________________________________________
> > discuss mailing list
> > [email protected]
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
