[Swan] converting to use NAT traversal

Fri Jan 3 21:57:52 UTC 2020

Hi,
I've had a site-to-site VPN using libreswan built and working between
two Optonline/Altice systems, one with a dynamic IP and the other with
a static IP, for quite some time, but we've had to move the satellite
office with the dynamic IP to one where we're only given a private
192.168.1.0/24 network and have no access to the outside public IP
interface.

Can I use NAT traversal for this? If so, how do I convert my existing
configuration to use it?

In this config, "wyckoff" is the dynamic (now private IP) side and
"orion" is the static IP side.

conn orion-wyckoff
        ikev2=insist
        authby=rsasig
        auto=add
        dpddelay=10
        dpdtimeout=90
        dpdaction=clear
        rightid=@wyckoff-orion
        rightsubnets={192.168.11.0/24,192.168.10.0/24}
        right=wyckoff.example.com
        rightrsasigkey=0sAwEAAd4EeKjbFI7mmwxfztoH9AfzQUlk7ffvgDNNbj...
        leftid=@orion-wyckoff
        left=orion.example.com
        leftsubnets={192.168.1.0/24,192.168.6.0/24}
        leftrsasigkey=0sAwEAAeSMFxvoJaP54tr660XAjQN35fCKMhi6AxnXMP8iu...