[strongSwan] Help with StrongSwan 4.3.4 and NAT-T
bmcchesney at gmail.com
Mon Mar 29 11:37:32 CEST 2010
Thank you for your suggestion. I would be happy to use IKEv2 for
StrongSwan to StrongSwan instances, but unfortunately we have some
sites that are not StrongSwan and only support IKEv1.
For example we have one site with a WatchGuard using IKEv1 behind NAT.
Unfortunately, if the WatchGuard is restarted after a connection is
established, then (as described previously) StrongSwan won't accept
packets over UDP 500 until it too is restarted.
I presumed a case demonstrating the problem with only StrongSwan would
Do you know if there should be a way to resolve this problem, or is
IKEv1 with NAT-T not supported by StrongSwan any more?
On 24 March 2010 11:03, Andreas Steffen wrote:
> Hello Bob,
> why don't you just switch to IKEv2 (keyexchange=ikev2) which
> is a much more stable and robust protocol?
More information about the Users