Try changing right to %any. Also check that your firewall allows udp:4500. If you use different configs at either end, then auto should be "add" at orion and can be "start" at wyckoff.

Nick

On 03/01/2020 21:57, Alex wrote:
Hi,
I've had a site-to-site VPN using libreswan built and working between
two Optonline/Altice systems, one with a dynamic IP and the other with
a static IP, for quite some time, but we've had to move the satellite
office with the dynamic IP to one where we're only given a private
192.168.1.0/24 network and have no access to the outside public IP
interface.

Can I use NAT traversal for this? If so, how do I convert my existing
configuration to use it?

In this config, "wyckoff" is the dynamic (now private IP) side and
"orion" is the static IP side.

conn orion-wyckoff
        ikev2=insist
        authby=rsasig
        auto=add
        dpddelay=10
        dpdtimeout=90
        dpdaction=clear
        rightid=@wyckoff-orion
        rightsubnets={192.168.11.0/24,192.168.10.0/24}
        right=wyckoff.example.com
        rightrsasigkey=0sAwEAAd4EeKjbFI7mmwxfztoH9AfzQUlk7ffvgDNNbj...
        leftid=@orion-wyckoff
        left=orion.example.com
        leftsubnets={192.168.1.0/24,192.168.6.0/24}
        leftrsasigkey=0sAwEAAeSMFxvoJaP54tr660XAjQN35fCKMhi6AxnXMP8iu...
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
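
Added example, not part of either message above and not taken from the libreswan project: the conn from the question split into the two per-host versions the reply describes. right=%defaultroute on wyckoff is an assumption (the reply does not say what the NATed side should use for its own address), and the key values stay truncated exactly as posted.

```conf
# --- on orion (static public IP): accept the peer from any source address ---
conn orion-wyckoff
        ikev2=insist
        authby=rsasig
        # responder only: load the conn and wait for wyckoff to connect
        auto=add
        dpddelay=10
        dpdtimeout=90
        dpdaction=clear
        rightid=@wyckoff-orion
        rightsubnets={192.168.11.0/24,192.168.10.0/24}
        # peer is behind NAT, so its source address is not known in advance
        right=%any
        rightrsasigkey=0sAwEAAd4EeKjbFI7mmwxfztoH9AfzQUlk7ffvgDNNbj...
        leftid=@orion-wyckoff
        left=orion.example.com
        leftsubnets={192.168.1.0/24,192.168.6.0/24}
        leftrsasigkey=0sAwEAAeSMFxvoJaP54tr660XAjQN35fCKMhi6AxnXMP8iu...

# --- on wyckoff (private address behind NAT): always the initiator ---
conn orion-wyckoff
        ikev2=insist
        authby=rsasig
        # the NATed side has to open the connection; orion cannot reach it
        auto=start
        dpddelay=10
        dpdtimeout=90
        dpdaction=clear
        rightid=@wyckoff-orion
        rightsubnets={192.168.11.0/24,192.168.10.0/24}
        # assumption: use the address of the interface holding the default route
        right=%defaultroute
        rightrsasigkey=0sAwEAAd4EeKjbFI7mmwxfztoH9AfzQUlk7ffvgDNNbj...
        leftid=@orion-wyckoff
        left=orion.example.com
        leftsubnets={192.168.1.0/24,192.168.6.0/24}
        leftrsasigkey=0sAwEAAeSMFxvoJaP54tr660XAjQN35fCKMhi6AxnXMP8iu...
```

With right=%any, orion identifies the peer by rightid and its RSA key rather than by source address, so those two values are what restricts who can bring this tunnel up. The question gives wyckoff's new private network as 192.168.1.0/24, which is also listed in leftsubnets, so check that overlap before routing traffic through the tunnel.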
