[Swan] net-to-net for road warriors

Alex mysqlstudent at gmail.com
Thu Jan 24 02:57:28 UTC 2019


Hi,

> > The endpoint is not behind NAT. It is laptops and desktops and phones
> > connected to the remote VPN gateway on a private network with a
> > dynamic IP. The gateway then uses NAT to allow them to communicate
> > with the Internet, of course.
>
> somewhere else on the internet? If you then your right= should for sure
> point to that remote VPN server DNS name or IP address on your clients'
> config.

It looks like this:

    [Remote Office]                                              [Main office]
    192.168.11.0/24 ----- dynamicIP libreswan ------ VPN gateway libreswan --- 192.168.1.0/24

There are laptops and desktops in a building with a dynamic IP from
Optonline. In the main office there is a static IP and other desktops
and laptops and phones. I'd like to connect the two branch offices
together, and figured since one side had a dynamic IP connecting to
the Internet, it would be considered a road warrior setup. I now know
that's not correct.

> > So you're saying go back to using RSA keys instead of certs, correct?
>
> No I did not.

Okay. I read that net-to-net connections were using RSA keys:
https://libreswan.org/wiki/Subnet_to_subnet_VPN
https://libreswan.org/wiki/Host_to_host_VPN

That's when I switched.

At some point I thought it was working. Is there a known problem with
using RSA keys? Any idea why it can't find its own private key?

I will try now with certs.
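For the topology drawn above (static gateway in the main office, dynamic IP in the remote office), the following is an added example ipsec.conf pair written for this thread; it is not from the original post or from the libreswan wiki. The public IP, the @ids and the key values are placeholders; each host's own pubkey comes from `ipsec showhostkey --left` / `--right` after `ipsec newhostkey`.

```ini
# Main-office gateway (static IP, placeholder 203.0.113.10): it cannot initiate
# to a peer whose address it does not know, so it only loads the conn and waits.
conn office-to-office
    left=203.0.113.10            # placeholder static public IP
    leftid=@mainoffice           # placeholder id, must match rightid on the peer
    leftsubnet=192.168.1.0/24
    leftrsasigkey=0sAQ...PLACEHOLDER   # ipsec showhostkey --left, run on THIS host
    right=%any                   # remote office address changes, accept any source
    rightid=@remoteoffice        # placeholder id, must match leftid on the peer
    rightsubnet=192.168.11.0/24
    rightrsasigkey=0sAQ...PLACEHOLDER  # ipsec showhostkey --right, run on the REMOTE host
    authby=rsasig
    ikev2=insist
    auto=add

# Remote-office gateway (dynamic IP): the same conn seen from the other side.
# %defaultroute picks up whatever address the ISP currently hands out.
conn office-to-office
    left=%defaultroute
    leftid=@remoteoffice
    leftsubnet=192.168.11.0/24
    leftrsasigkey=0sAQ...PLACEHOLDER   # this host's own pubkey
    right=203.0.113.10           # placeholder static IP of the main office
    rightid=@mainoffice
    rightsubnet=192.168.1.0/24
    rightrsasigkey=0sAQ...PLACEHOLDER  # main office's pubkey
    authby=rsasig
    ikev2=insist
    auto=start                   # the dynamic side is the only one that can initiate
```

A "cannot find private key" message usually means the leftrsasigkey (or rightrsasigkey) value in the conn is not the key held in that host's NSS database; `ipsec showhostkey --list` shows which keys are actually there, and the value pasted into the conn must be the one printed for that host.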
