I'll give it a look. I just got my cellular device which approximates the actually scenario we will have so this should be a bit easier.
On Mon, Oct 8, 2018 at 3:17 PM Paul Wouters <[email protected]> wrote: > On Sun, 7 Oct 2018, rayv33n wrote: > > > > > Yes, sir. That actually helps me understand and confirm a few things. My > lab setup has two hosts. Each host is in a different network routed through > a firewall with no > > NAT. They work perfectly creating SA and having no problems. But when > ipsechost01 tries to talk to the AWS instances check out ipsechost01 to > Thor(AWS). Which is AWS NAT > > with ipsechost behind a firewall, also NAT. > > > > Feel free to give me example configs or anything else you want me to try > this is all lab stuff and I have time so I can be your lab monkey. > > We do have various test cases covering all these IPv4 scenarios, see > test results at: > > > http://testing.libreswan.org/results/testing/v3.26-79-g41cda6b-master/ > > and the list of test cases and their configs: > > https://github.com/libreswan/libreswan/tree/master/testing/pluto > > The newoe-* testcases do a bunch of anonymous OE tests > the certoe-* test cases do opportunistic encryption using certificates > > For example, certoe-06-nat-packet-cop seems to be the test case that > covers connecting from behind NAT to a server. I don't think we have > a testcase for a server behind a portforward like AWS. I'll see about > adding that in the near future. > > Paul > -- You are FREE to become a slave Key ID: 9A452ABAA4593489 Finger Print: 7A8A 5849 ED44 52B1 0D8A EDAC 9A45 2ABA A459 3489 *Pub Key: * http://pgp.mit.edu:11371/pks/lookup?search=rayv33n%40gmail.com&op=index
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
