[strongSwan-dev] IKEv2: Allow peer to choose between transport xor tunnel mode in presence of NAT
Martin Willi
martin at strongswan.org
Wed Jul 10 09:05:22 CEST 2013
Hi Sebastian,
> 1. IPsec transport mode when peer is using the new strongSwan 5.1.0dr2
> 2. IPsec tunnel mode when peer is using the old strongSwan 5.0.4 (i.e. as a
> fallback mechanism)
Even if you configure transport mode, 5.1.0 should accept tunnel mode
for that connection. When using transport mode, any client not
supporting it (for example because it detected NAT) just omits the
transport mode notify and the connection uses a tunnel mode fallback.
> Do I really need two conn templates in ipsec.conf file (one for transport
> mode and one for tunnel mode)?
No, you'll need just one having type=transport.
Regards
Martin
More information about the Dev
mailing list