Test ikev2/force-udp-encaps

Description

The roadwarrior alice sitting behind the NAT router moon sets up a tunnel to gateway sun. Since the firewall on sun blocks the ESP protocol, enforced UDP encapsulation (forceencaps=yes) is used by alice to punch through this hurdle. leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnel, host alice pings the client bob behind the gateway sun.

console.log

alice

ipsec.conf
ipsec.secrets
ipsec.sql
strongswan.conf

ipsec statusall
ipsec listall
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L

sun

ipsec.conf
ipsec.secrets
ipsec.sql
strongswan.conf

ipsec statusall
ipsec listall
auth.log
daemon.log

ip -s xfrm policy
ip -s xfrm state
ip route list table 220
iptables -L

Back