Hi all,
I've used strongSwan for some time, and I found a problem when I use it in
a situation where the WAN IP of the NAT router changes.
As in the following illustration, I use a computer as client alice, which is
behind a NAT router. An IPSec tunnel is set up between alice and GATEWAY sun.
Now the IP of CLIENT alice is IP11, the IP of GATEWAY sun is IP22, and the WAN IP
of the NAT router is IP21.
                                 _____________                            _____________
      IP11                  IP12|             | IP21                 IP22|             |
CLIENT--------------------------| NAT Router  |--------------------------|   GATEWAY   |
alice                           |_____________|                          |_____sun_____|
Before the WAN IP is changed, the IPSec tunnel is available, and CLIENT alice
can communicate with GATEWAY sun. When the WAN IP of the NAT router, IP21, is changed
to IP23 for some reason, the tunnel still exists, but CLIENT alice cannot
communicate with GATEWAY sun anymore. GATEWAY sun cannot receive a DPD response
from CLIENT alice, and the tunnel is deleted after the DPD timeout.
                                 _____________                            _____________
      IP11                  IP12|             | IP23                 IP22|             |
CLIENT--------------------------| NAT Router  |--------------------------|   GATEWAY   |
alice                           |_____________|                          |_____sun_____|
There is no doubt that strongSwan does support NAT, but how do I configure strongSwan
to support this situation? I checked the Configure HOWTOs and the strongSwan UML tests
on www.strongswan.org, but I cannot find any way to figure out this problem. My
strongSwan version is 4.5.2 with Linux kernel 2.6.36.4; does it work? Or can
the problem be figured out with the latest version of strongSwan, 4.6.4 or
5.0.0?