Issue #3360

strongswan 5.8.1 config parameter

Added by ray chao 5 months ago. Updated 5 months ago.

Status: Feedback
Priority: Normal
Category: configuration
Affected version: 5.8.1
Resolution:

Description

When I use the config items:

nat_traversal=no
nhelpers=0
virtual_private = %v4:0.0.0.0/0
leftid=x.x.x.x
rightid=x.x.x.x

strongswan will fail to start. I know this is a parameter of the previous version, but I still need to use its function (ex: NAT, private...).
Are there other similar parameters that can be used?
And, leftid and rightid will need to be used for the IPTYPE or FQDN connection type, but it will cause the connection establishment to fail. What are the reasons,
or is there something wrong with the setup?

Thanks

History

#1 Updated by Tobias Brunner 5 months ago

  • Category set to configuration
  • Status changed from New to Feedback

> nat_traversal=no
> nhelpers=0
> virtual_private = %v4:0.0.0.0/0
> leftid=x.x.x.x
> rightid=x.x.x.x
>
> strongswan will fail to start. I know this is a parameter of the previous version

The second and third have never been defined for any version of strongSwan. nat_traversal was a global option once, but it never has been supported for IKEv2 and is not supported at all since 5.0.0.

> Are there other similar parameters that can be used?

No idea what they do.

> And, leftid and rightid will need to be used for the IPTYPE or FQDN connection type

What do you mean?

> but it will cause the connection establishment to fail. What are the reasons,
> or is there something wrong with the setup?

Possibly.

#2 Updated by ray chao 5 months ago

Tobias Brunner wrote:

> > nat_traversal=no
> > nhelpers=0
> > virtual_private = %v4:0.0.0.0/0
> > leftid=x.x.x.x
> > rightid=x.x.x.x
> >
> > strongswan will fail to start. I know this is a parameter of the previous version
>
> The second and third have never been defined for any version of strongSwan. nat_traversal was a global option once, but it never has been supported for IKEv2 and is not supported at all since 5.0.0.

So, does it mean that versions after 5.0.0 do not support NAT-T?

> > Are there other similar parameters that can be used?
>
> No idea what they do.
>
> > And, leftid and rightid will need to be used for the IPTYPE or FQDN connection type
>
> What do you mean?

In the scenario:
https://www.strongswan.org/uml/testresults/ikev2/net2net-psk/
left=192.168.0.1
leftid=@moon.strongswan.org

This case uses leftid and rightid, but this parameter is no longer supported in the new version of strongswan, so how do I set it if I want to use FQDN?

> > but it will cause the connection establishment to fail. What are the reasons,
> > or is there something wrong with the setup?
>
> Possibly.

#3 Updated by Tobias Brunner 5 months ago

> So, does it mean that versions after 5.0.0 do not support NAT-T?

Not at all, it's just always enabled.

> > > And, leftid and rightid will need to be used for the IPTYPE or FQDN connection type
> >
> > What do you mean?
>
> In the scenario:
> https://www.strongswan.org/uml/testresults/ikev2/net2net-psk/
> left=192.168.0.1
> leftid=@moon.strongswan.org
>
> This case uses leftid and rightid, but this parameter is no longer supported in the new version of strongswan, so how do I set it if I want to use FQDN?

What do you mean? That scenario is run successfully with the latest version of strongSwan. If you are interested in how identities are parsed, see here.
