I got my IPsec transport connection to go from my home server to my work server and I could even send DNS through it, away from AT&T's prying eyes.
Unfortunately, then any other computer behind my NAT couldn't talk to my server.
@saper I haven't gotten tunnel mode to work; this was transport mode since it was host to host, and I don't understand traffic selectors. Any time I try tunnel mode I get errors about traffic selectors being incompatible(?).
@saper :) Yep! I've gotten that far. For tunnel mode I'm currently still failing to understand how traffic selectors and private subnets interact, and when you need a virtual IP.
@alienghic Well, you probably need to forget about NAT and do it before it enters IPsec. But this can be very tricky. Last time I did it this was Cisco IOS...
@saper I started looking at putting strongSwan on my router, but then the OpenWrt documentation had a somewhat discouraging comment about IPsec performance on a small router.
Though I found a new comment saying the router I'm currently using should be fine.
@alienghic it has to be done on both sides the same way... but I am sure you already know that.