On Sun, 7 Oct 2018, rayv33n wrote:
Yes, sir. That actually helps me understand and confirm a few things. My lab setup has two hosts. Each host is in a different network routed through a firewall with no NAT. They work perfectly creating SA and having no problems. But when ipsechost01 tries to talk to the AWS instances check out ipsechost01 to Thor (AWS). Which is AWS NAT with ipsechost behind a firewall, also NAT. Feel free to give me example configs or anything else you want me to try; this is all lab stuff and I have time, so I can be your lab monkey.

We do have various test cases covering all these IPv4 scenarios, see test results at:

http://testing.libreswan.org/results/testing/v3.26-79-g41cda6b-master/

and the list of test cases and their configs:

https://github.com/libreswan/libreswan/tree/master/testing/pluto

The newoe-* testcases do a bunch of anonymous OE tests.
The certoe-* test cases do opportunistic encryption using certificates.

For example, certoe-06-nat-packet-cop seems to be the test case that covers connecting from behind NAT to a server. I don't think we have a testcase for a server behind a portforward like AWS. I'll see about adding that in the near future.

Paul