Messages

1

Virtual private networks / Re: Understanding the "new way" of BiNAT over IPSec

« on: May 30, 2024, 06:15:35 pm »

Okay guys i found what the problem was. We  use service  in docker container and tunnel should be working with'em but in this server severa containers which have they own network inside.

And it turns out that the service in the container tried to ping another service in another container and not the end host on the other side of tunnel

And I configured Binat and Ipsec correctly the first time.
That's it

2

Virtual private networks / Re: Understanding the "new way" of BiNAT over IPSec

« on: May 28, 2024, 03:42:36 pm »

Thanks. I'm fighting with binat already third day and binat still wins me.

I wrote everything what i found in officials docs but still no chance.

I already up first phase and it's okey but the second phase not working.


172.16.10.48/32 - > 10.10.1.1/32 - my WAN side -- WAN side B - 172.19.4.102/32

In a phase 2 i set my address 10.10.1.1
SPD set 172.19.4.102 only.

Req ID sets by system 5
1:1 NAT settings as in docs.
Rules-Ipsec allow all traffic

Logs says in this config that querying policy  not found. No connections.

But if i set install policy phase 2 making up, connections established on both sides but not reachable.

3

Virtual private networks / Re: Understanding the "new way" of BiNAT over IPSec

« on: May 28, 2024, 01:37:15 pm »

Why need adding manually SPD records if we can make "install policy" in settings of phase 1?