All,
I am trying to determine if a certain configuration is possible. I currently have the example ikev1/nat-before-esp configured (http://www.strongswan.org/uml/testresults/ikev1/nat-before-esp/). Both the Client Alice and the Gateway Moon can successfully ping the Client Bob.

I would like to specify a virtual IP for moon in this configuration. I have been able to assign a virtual IP address by adding the line leftsourceip=%modecfg, so that moon's configuration looks like the following:

    config setup
            plutodebug=control
            crlcheckinterval=180
            strictcrlpolicy=no
            charonstart=no

    conn %default
            ikelifetime=60m
            keylife=20m
            rekeymargin=3m
            keyingtries=1
            keyexchange=ikev1

    conn host-net
            left=192.168.0.1
            leftsourceip=%modecfg
            leftcert=moonCert.pem
            [email protected]
            leftfirewall=yes
            right=192.168.0.2
            rightsubnet=10.2.0.0/16
            [email protected]
            auto=add

Moon successfully gets the virtual IP address and is still able to ping Client Bob. However, Client Alice is no longer able to ping Client Bob. Using a network sniffer I am able to see that Moon's pings are being encapsulated, and Alice's pings are being NATed but not encapsulated.

Any suggestions?

Thank you,
Mark
