[Swan] net-to-net for road warriors

Alex mysqlstudent at gmail.com
Thu Jan 24 19:19:07 UTC 2019


Hi,

Thanks so much for sticking with me here.

> > This is my config now:
> > conn host-to-host
> >        left=orion.guardiandigital.com
> >        leftid=@orion
> >        leftsubnet=192.168.1.0/24
> >        leftrsasigkey=0sAwEAAczgDWWfK4A83Q1e/fTYS2C...
> >        right=%any
> >        rightsubnet=192.168.11.0/24
> >        rightrsasigkey=0sAwEAAZRIg5GeGCHBqp561KQrfoiQnwsh...
> >        rightid=@wyckoff
> >        auto=add
> >        rekey=no
>
> I assume that orion is the side on fixed ip/dns name, and that wyckoff
> is the end with a dynamic IP and behind NAT. In that case, on orion
> you can use this config. On wyckoff you will need to change "right=%any"
> to "right=%defaultroute". All other options can be the same, and you do
> not need to change left/right or anything.

I'm continuing to work through your email, but I've noticed now a few
times you've referred to the server having a dynamic IP and behind
NAT, but I never said anything about it being behind NAT. It's an
Optonline dynamic IP, currently 68.192.251.223. There is a
192.168.11.0/24 network on the internal interface that the
laptops/desktops/phones use (or will use) through NAT on the server to
get to the Internet.

It is correct that orion is on the side of the fixed IP. That is the local side.

Does this change the setup? You had also mentioned something about
only devices behind NAT could initiate, but those devices aren't the
ones running the VPN client.

