Test ikev2/double-nat-net

strongSwan UML Tests / ikev2 / double-nat-net

Test ikev2/double-nat-net

Description

The roadwarrior alice sitting behind the NAT router moon sets up a tunnel to the subnet hiding behind the NAT router sun. All IKE and ESP traffic directed to the router sun is forwarded to the VPN gateway bob using destination NAT. UDP encapsulation is used to traverse the NAT routers. leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the double NAT-ed IPsec tunnel alice pings the inner IP address of the router sun.

console.log

alice

ipsec.conf
ipsec.secrets
ipsec.sql
strongswan.conf

ipsec statusall
ipsec listall
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L

bob

ipsec.conf
ipsec.secrets
ipsec.sql
strongswan.conf

ipsec statusall
ipsec listall
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L