[Swan] NAT-Traversal with IPsec transport mode

Ahmed Sameh me at ahmedsameh.com
Wed Sep 22 14:21:57 UTC 2021


Hi,

It seems to be an incompatibility between kube-ipvs and ipsec, but is there a
chance that we can solve this by a different configuration from ipsec side?
https://github.com/cloudnativelabs/kube-router/issues/877

BR,
Ahmed

On Thu, Sep 16, 2021 at 10:14 PM Paul Wouters <paul at nohats.ca> wrote:

> On Thu, 16 Sep 2021, Ahmed Sameh wrote:
>
> > I am OK to switch to tunnel mode, if that will solve my problem, and I
> > appreciate if you can share an example config.
>
> I don't know enough about kubernetes to give you a working config. One
> of the main issues is whether the nodes know their "public IP" that does
> not live within their own container. E.g., you would need to define a
> leftsubnet= and rightsubnet= to get the native IPs of the nodes, but
> I'm not sure how you could communicate that to generate the config.
>
> There might be tricks to play, like using 0.0.0.0/0 with narrowing=yes
> but then there is a security issue of how do you know/trust the remote
> node's IP address. What if they pick 8.8.8.8/32 ?
>
> Paul
>