On 12.10.2014 at 16:02, Noel Kuntze <[email protected]> wrote:

> I'm not sure if it works, because farp sends ARP messages for the whole pool,
> not just the addresses that are currently given to peers using MODE_CONFIG or
> QUICK_MODE.
> NAT shouldn't be a problem if you only apply it to packets that aren't
> handled by ipsec and are only going to the WAN.
> I think it should work alright from the peer's viewpoint, if the firewall on
> the gateway is set up correctly.
> 
> On 12.10.2014 at 16:34, Dr. Rolf Jansen wrote:
> 
>> I am referring to the example setup given at 
>> http://www.strongswan.org/uml/testresults/ikev2/farp/index.html.
>> 
>> My question is whether carol and dave have access to the web server
>> winnetou from within the internal network by the way of a NAT'ing moon?


I got it now. In said example carol and dave can connect to winnetou via VPN to
moon by the way of moon's NAT. For me the obstacle was that the IP of winnetou
must be part of leftsubnet in moon's ipsec.conf.

My actual objective was to set up a VPN gateway into the internet on my
home server, so that e.g. in public wireless environments I can effectively
prevent MITM sneaking into my traffic. For this to work, leftsubnet must be set
to the whole internet, i.e. 0.0.0.0/0.

FARP is not needed for this. FARP would be needed to access other clients in 
the local network.

Best regards

Rolf
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
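As an added illustration, not part of this thread and not one of strongSwan's own test configurations: a minimal gateway-side ipsec.conf for the full-tunnel setup Rolf describes, with leftsubnet=0.0.0.0/0 and a virtual IP pool, plus the NAT rules that implement Noel's point about exempting IPsec-protected packets. The pool 10.3.0.0/16, the interface name eth0 and the certificate and identity names are assumptions, not values taken from the thread.

```ini
# /etc/ipsec.conf on the gateway (moon) -- added example, not from the thread.
# Assumptions: virtual pool 10.3.0.0/16 (deliberately outside moon's LAN, so no
# farp is needed), WAN interface eth0, placeholder certificate/identity names.

config setup

conn %default
        keyexchange=ikev2
        ike=aes256-sha256-modp2048!
        esp=aes256-sha256!

conn roadwarrior
        left=%any                       # moon's own public address
        leftcert=moonCert.pem           # placeholder certificate
        leftid=@moon.example.org        # placeholder identity
        leftsubnet=0.0.0.0/0            # tunnel all of the client's traffic through moon
        leftfirewall=no                 # NAT/forward rules are managed by hand below
        right=%any                      # any road-warrior address (carol, dave)
        rightsourceip=10.3.0.0/16       # virtual IPs handed out via IKEv2 config payload
        rightauth=pubkey
        auto=add

# Forwarding and NAT on moon (run once at boot; shown here as comments).
# Order matters, as Noel noted: packets that are still to be IPsec-protected
# must NOT be masqueraded, so they are exempted first; everything else from
# the pool leaving via the WAN interface is NATed to moon's public address.
#
#   sysctl -w net.ipv4.ip_forward=1
#   iptables -t nat -A POSTROUTING -s 10.3.0.0/16 -o eth0 \
#            -m policy --dir out --pol ipsec -j ACCEPT
#   iptables -t nat -A POSTROUTING -s 10.3.0.0/16 -o eth0 -j MASQUERADE
#   iptables -A FORWARD -s 10.3.0.0/16 -m policy --dir in  --pol ipsec -j ACCEPT
#   iptables -A FORWARD -d 10.3.0.0/16 -m policy --dir out --pol ipsec -j ACCEPT
#
# With leftsubnet=0.0.0.0/0 the traffic selectors cover the whole internet, so
# an internal host such as winnetou is reachable through the tunnel without
# farp; farp is only needed when the pool is carved out of moon's own LAN.
```

Check the result on the gateway with `ipsec statusall` (the established CHILD_SA should show 0.0.0.0/0 === 10.3.x.x/32) and with `iptables -t nat -L POSTROUTING -v`, where only non-IPsec traffic should hit the MASQUERADE counter.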
