Nat
-
To be honest, I'm kind of a layman at ipsec, I'm studying to understand better.
I believe the hardest I get, which is dripping 192.168.0.1
-
I will question them, and redo this rule
-
Thank you so much for your help, I will change my security and talked to them too.
-
As said above, try to insist to use at least
- AES-256 (CBC) or AES-256-GCM (better)
- IKEv2 (seems available)
- SHA-256 or SHA-384
- DH Group 20 (nist ecp384)
and the same in phase 2. Lifetimes 28800 and 3600 are OK.
@jimp or @johnpoz or any other global mods: Please move that topic to IPSEC as the NAT part is pretty much nonexistent and/or subject to a IPSEC connection - so nothing to do with classical inbound or outbound NAT settings :)
-
I already fixed
-
Remove the checkbox in front of 3DES so your connection will not simply downgrade if the other side wants to speak 3DES. Otherwise you'll still connect with that :)
Also many peers don't run IPSEC with AES-GCM yet (even in 2019 - a shame!) so be prepared to select AES256 (CBC) instead. Not that performant but secure nontheless. -
Thank you for your help.
unchecked the 3d
I already questioned the other side about the settings. -
@felipe_antocheski said in Nat:
protocol
OpenVPN is fast, flexible, and secure you should give it a try.
-
I already have and use the problem that when I connect with it I can't use my local network
-
Somehow I suspect that that answer was some spam-bot as it isn't related to anything written here. But
when I connect with it I can't use my local network
That would just be a simple OVPN configuration mistake. If that's still a problem - just ask in another topic and we'll deal with it then ;)
