mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
7c5a2974b9
For documentation purposes the new folders ikev1-algs, ikev2-algs, ikev1-multi-ca and ikev2-multi-ca have been created. Most of the test cases have now been converted to the vici interface. The remaining legacy stroke scenarios yet to be converted have been put into the ikev2-stroke-bye folder. For documentation purposes some legacy stroke scenarios will be kept in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
9 lines
601 B
Plaintext
9 lines
601 B
Plaintext
The roadwarrior <b>alice</b> sitting behind the NAT router <b>moon</b> sets up a
|
|
tunnel to the subnet hiding behind the NAT router <b>sun</b>. All IKE and ESP traffic
|
|
directed to the router <b>sun</b> is forwarded to the VPN gateway <b>bob</b>
|
|
using destination NAT. UDP encapsulation is used to traverse the NAT routers.
|
|
<p/>
|
|
Upon the successful establishment of the IPsec tunnel, the updown script automatically
|
|
inserts iptables-based firewall rules that let pass the tunneled traffic.
|
|
In order to test the double NAT-ed IPsec tunnel <b>alice</b> pings the inner IP address
|
|
of the router <b>sun</b>. |