-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Rolf,
I'm not sure if it works, because farp sends ARP messages for the whole pool, not just the currently addresses that are given to peers using MODE_CONFIG or QUICK_MODE. NAT shouldn't be a problem, if you only apply it to packets that aren't handled by ipsec and only going to the WAN. I think it should work alright from the peer's viewpoint, if the firewall on the gateway is set up correctly. A friendly note: Make your gateway push bypass policies for the LAN to clients that are in your LAN. That way traffic for the LAN won't be routed over the gateway. Mit freundlichen Grüßen/Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 12.10.2014 um 16:34 schrieb Dr. Rolf Jansen: > I am referring to the example setup given at > http://www.strongswan.org/uml/testresults/ikev2/farp/index.html. > > My question is, whether carol and dave do have access to the web server > winnetou from within the internal network by the way of a NAT'ing moon? > > Best regards > > Rolf > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJUOtA0AAoJEDg5KY9j7GZYMcUP/3/X0kdlkcorDUXN9Ln3yY/J Vw/6goJ0UOS4wQHeWgOSgCtAd0MvSp3n3Xk88HXgCiqkpJpyuz+bb0E1NCjSz/Kv WWQmj9LiPYzGagvN/H1u4cm08t27XYrFT56g90tOG2eY9wojKknfLhsK0jT/R2/u xQ+Di7hcaWgyeFrBcBoB/LW0BTnPqA1Eq2lk/cO3V54EobpbpeXU8XHjRIjyKVIp +OnPNyWkwDTRqht8Ae2G1VO+E2szLsLnmdO+OdKr1jwtVgtdUElEH8u/xLfm5/EZ xhpyOb+7lYIjzlRD2VjiwBiB++KQv3RgsoKeLOK2s5QAiGndaFbWZxU21m5igGqL rJEY5SrczcZun33h0RPbAxXJH9P6P3V+ITvusOnVNvlI7swA16rjoaGRiRd41Unr 92dVhLp8WNHStZyAvWseWXwG2WTe2aplxVkHHXF6MvbSg/uInZ9tN3HPQ7Q7XqhK XfsyXgfoU//YolfpqcvMYDh3EKTV6Yw0RSs2tGqmUeAP6gfpSVsXGa6AuZhkR9iE vBRLzyOokm6hgmtqQJREk/IWIg3oyBDLkqsexK1/bkToCjRYHf9mNVCBXiS1t/D3 hI+r4UWt+N99n7Iqu9QrK0hQ9ZBhiTKmSrqttgNAvhkDlNMrrTO0kIo0ZLJcNeuN +oyz9wR1/w/FbLIC+22X =ArEU -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
