mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
ad14f2084e
This tests moving from a public IP behind a NAT and back (with proper changes of the UDP encapsulation).
10 lines
745 B
Plaintext
10 lines
745 B
Plaintext
The roadwarrior <b>alice</b> is sitting behind the NAT router <b>moon</b> but
|
|
at the outset of the scenariou is also directly connected to the 192.168.0.0/24 network
|
|
via an additional <b>eth1</b> interface. <b>alice</b> builds up a tunnel to gateway <b>sun</b>
|
|
in order to reach <b>bob</b> in the subnet behind. When the <b>eth1</b> interface
|
|
goes away, <b>alice</b> switches to <b>eth0</b> and signals the IP address change
|
|
via a MOBIKE ADDRESS_UPDATE notification to peer <b>sun</b>. Later the interface
|
|
comes back up again and because the best path is preferred (charon.prefer_best_path)
|
|
there is another switch to the directly connected path. <b>alice</b> sets
|
|
a virtual IP of 10.3.0.3, so that the IPsec policies don't have to be changed.
|