sinopec

Reputation: 861

L2TP/IPSec NAT issue

I am a little confused.

A(L2TP/IPSec VPN server ) ---- B(router) ------ (internet) ------- C(router) ------ D(client)

Can an L2TP/IPSec VPN server (A) behind NAT serve clients (D) behind other, different NATs? Can the IKE message be correctly routed to the L2TP/IPSec VPN server behind NAT?

PS: I don't have any authority to change the B router's NAT configuration. A & D can communicate with the same server, which has a public IP address.

Upvotes: 2

Views: 937

Answers (2)

Sam Ginrich

Reputation: 841

Basically, you have the problem of hole punching, e.g. here. In this way, "strongSwan" p. 13 above uses a Mediator Server, which prepares the routing from both endpoints (through their NAT) to the common public network and shares the public addresses/ports of the opposite endpoints. So the endpoints can send messages immediately to each other. With asymmetric NAT this won't work in common. In any case there is no need to touch NAT.

Upvotes: 0
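The mediated hole punching described in the answer above, as an added toy simulation that is not part of the original post and is not strongSwan code. It assumes both NATs filter inbound packets by remote address and port, and it compares a NAT that reuses one public port for every destination with one that allocates a new public port per destination; all addresses, ports and names are constructed.

```python
MEDIATOR = ("203.0.113.10", 4500)   # constructed public mediation server

class Nat:
    """Source NAT with address-and-port-dependent inbound filtering."""
    def __init__(self, public_ip, dest_dependent_mapping):
        self.public_ip = public_ip
        self.dest_dependent = dest_dependent_mapping
        self.mappings = {}        # mapping key -> allocated public port
        self.allowed = set()      # (public_port, remote) opened by outbound traffic
        self.next_port = 40000

    def outbound(self, inside, remote):
        """Translate an outgoing packet; return the (ip, port) the remote sees."""
        key = (inside, remote) if self.dest_dependent else inside
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.add((port, remote))
        return (self.public_ip, port)

    def inbound(self, public_port, remote):
        """True if a packet from `remote` to `public_port` is forwarded inside."""
        return (public_port, remote) in self.allowed

def punch(nat_a, nat_d):
    """Return True if A and D can exchange packets directly after mediation."""
    a_in, d_in = ("10.0.0.2", 4500), ("192.168.1.7", 4500)
    # 1. Both peers contact the mediator, which records the public
    #    endpoint each one appears to come from.
    a_seen = nat_a.outbound(a_in, MEDIATOR)
    d_seen = nat_d.outbound(d_in, MEDIATOR)
    # 2. The mediator hands each peer the other's recorded endpoint and
    #    both send to it, opening a filter entry in their own NAT.
    a_src = nat_a.outbound(a_in, d_seen)
    d_src = nat_d.outbound(d_in, a_seen)
    # 3. Each packet arrives at the endpoint the mediator advertised and is
    #    forwarded only if it matches a filter entry opened in step 2.
    return nat_a.inbound(a_seen[1], d_src) and nat_d.inbound(d_seen[1], a_src)

if __name__ == "__main__":
    same_port = punch(Nat("198.51.100.1", False), Nat("192.0.2.1", False))
    per_dest = punch(Nat("198.51.100.1", True), Nat("192.0.2.1", True))
    print("one public port for all destinations:", same_port)
    print("new public port per destination:     ", per_dest)
```

In the second case the endpoint the mediator advertised is no longer the one the peer actually sends from, so neither NAT has a matching filter entry and the direct packets are dropped.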

sinopec

Reputation: 861

I got the answer myself: IKEv2 mediation has a solution for this kind of problem: http://www.strongswan.org/docs/LinuxTag2008-strongSwan.pdf

Upvotes: 3
