[Swan] NAT-Traversal with IPsec transport mode
Paul Wouters
paul at nohats.ca
Thu Sep 16 20:14:02 UTC 2021
On Thu, 16 Sep 2021, Ahmed Sameh wrote:
> I am OK to switch to tunnel mode, if that will solve my problem, and I appreciate if you can share an
> example config.
I don't know enough about Kubernetes to give you a working config. One
of the main issues is whether the nodes know their "public IP" that does
not live within their own container. E.g., you would need to define a
leftsubnet= and rightsubnet= to get the native IPs of the nodes, but
I'm not sure how you could communicate that to generate the config.

There might be tricks to play, like using 0.0.0.0/0 with narrowing=yes
but then there is a security issue of how do you know/trust the remote
node's IP address. What if they pick 8.8.8.8/32?
Paul
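
The trust question raised in the message above, as an added example that is not part of the original post and is not libreswan code: a small model of why a 0.0.0.0/0 selector with narrowing lets a peer claim 8.8.8.8/32, and how tying each peer ID to one address closes that. It assumes narrowing accepts any proposal contained in the configured subnet; the node range, peer IDs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values: the cluster's node range and an inventory that
# ties each authenticated peer ID to the single address it is allowed to claim.
NODE_CIDR = "10.240.0.0/16"
NODE_BINDINGS = {
    "@node-a": ipaddress.ip_network("10.240.0.11/32"),
    "@node-b": ipaddress.ip_network("10.240.0.12/32"),
}


def narrowing_accepts(configured, proposed):
    """Assumed narrowing rule: the proposal must lie inside the configured subnet."""
    configured = ipaddress.ip_network(configured)
    proposed = ipaddress.ip_network(proposed)
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return proposed.version == configured.version and proposed.subnet_of(configured)


def check_proposal(peer_id, proposed, configured_subnet):
    """Return (accepted, reason) for a traffic selector proposed by peer_id."""
    if not narrowing_accepts(configured_subnet, proposed):
        return False, "outside configured subnet"
    bound = NODE_BINDINGS.get(peer_id)
    if bound is None:
        return False, "unknown peer ID"
    if ipaddress.ip_network(proposed) != bound:
        return False, "selector not bound to this peer ID"
    return True, "ok"


if __name__ == "__main__":
    # The subnet check alone: 0.0.0.0/0 lets the peer pick anything.
    print(narrowing_accepts("0.0.0.0/0", "8.8.8.8/32"))    # wide open
    print(narrowing_accepts(NODE_CIDR, "8.8.8.8/32"))      # bounded to the node range
    # Bounding the range still lets node-a claim node-b's address;
    # the per-ID binding is what rejects that.
    print(check_proposal("@node-a", "10.240.0.12/32", NODE_CIDR))
    print(check_proposal("@node-a", "10.240.0.11/32", NODE_CIDR))
```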