On Sun, 7 Oct 2018, rayv33n wrote:


Yes, sir. That actually helps me understand and confirm a few things. My
lab setup has two hosts. Each host is in a different network routed
through a firewall with no NAT. They work perfectly creating SA and
having no problems. But when ipsechost01 tries to talk to the AWS
instances check out ipsechost01 to Thor(AWS). Which is AWS NAT with
ipsechost behind a firewall, also NAT.

Feel free to give me example configs or anything else you want me to try.
This is all lab stuff and I have time, so I can be your lab monkey.

We do have various test cases covering all these IPv4 scenarios, see
test results at:

        http://testing.libreswan.org/results/testing/v3.26-79-g41cda6b-master/

and the list of test cases and their configs:

https://github.com/libreswan/libreswan/tree/master/testing/pluto

The newoe-* testcases do a bunch of anonymous OE tests;
the certoe-* test cases do opportunistic encryption using certificates.

For example, certoe-06-nat-packet-cop seems to be the test case that
covers connecting from behind NAT to a server. I don't think we have
a testcase for a server behind a portforward like AWS. I'll see about
adding that in the near future.

Paul