Issue #3360

strongswan 5.8.1 config parameter

Added by ray chao over 1 year ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Category: configuration
Affected version: 5.8.1
Resolution: No feedback

Description

When I use these config items:

nat_traversal=no
nhelpers=0
virtual_private = %v4:0.0.0.0/0
leftid=x.x.x.x
rightid=x.x.x.x

strongSwan will fail to start. I know this is a parameter of the previous version, but I still need to use its function (e.g. NAT, private...).
Are there other similar parameters that can be used?
And leftid and rightid will need to be used when the connection type is IPTYPE or FQDN, but it will cause connection establishment to fail. What are the reasons?
Or is there something wrong with the setup?

Thanks

History

#1 Updated by Tobias Brunner over 1 year ago

  • Category set to configuration
  • Status changed from New to Feedback

nat_traversal=no
nhelpers=0
virtual_private = %v4:0.0.0.0/0
leftid=x.x.x.x
rightid=x.x.x.x

strongSwan will fail to start. I know this is a parameter of the previous version

The second and third have never been defined for any version of strongSwan. nat_traversal was a global option once, but it never has been supported for IKEv2 and is not supported at all since 5.0.0.

Are there other similar parameters that can be used?

No idea what they do.

And leftid and rightid will need to be used when the connection type is IPTYPE or FQDN

What do you mean?

but it will cause connection establishment to fail. What are the reasons?
Or is there something wrong with the setup?

Possibly.

#2 Updated by ray chao over 1 year ago

Tobias Brunner wrote:

nat_traversal=no
nhelpers=0
virtual_private = %v4:0.0.0.0/0
leftid=x.x.x.x
rightid=x.x.x.x

strongSwan will fail to start. I know this is a parameter of the previous version

The second and third have never been defined for any version of strongSwan. nat_traversal was a global option once, but it never has been supported for IKEv2 and is not supported at all since 5.0.0.

So, does it mean that versions after 5.0.0 do not support NAT-T?

Are there other similar parameters that can be used?

No idea what they do.

And leftid and rightid will need to be used when the connection type is IPTYPE or FQDN

What do you mean?

In the scenario:
https://www.strongswan.org/uml/testresults/ikev2/net2net-psk/
left=192.168.0.1
leftid=@moon.strongswan.org

This case uses leftid and rightid, but this parameter is no longer supported in the new version of strongSwan, so how do I set it if I want to use FQDN?

but it will cause connection establishment to fail. What are the reasons?
Or is there something wrong with the setup?

Possibly.

#3 Updated by Tobias Brunner over 1 year ago

So, does it mean that versions after 5.0.0 do not support NAT-T?

Not at all, it's just always enabled.

And leftid and rightid will need to be used when the connection type is IPTYPE or FQDN

What do you mean?

In the scenario:
https://www.strongswan.org/uml/testresults/ikev2/net2net-psk/
left=192.168.0.1
leftid=@moon.strongswan.org

This case uses leftid and rightid, but this parameter is no longer supported in the new version of strongSwan, so how do I set it if I want to use FQDN?

What do you mean? That scenario is run successfully with the latest version of strongSwan. If you are interested in how identities are parsed, see here.

#4 Updated by Tobias Brunner 9 months ago

  • Status changed from Feedback to Closed
  • Resolution set to No feedback
