[strongSwan] Is IKEv2 + transport mode + NAT traversal supported?
IPSec Interest Group
ipsec.gurus at gmail.com
Tue Oct 5 22:39:22 CEST 2010
I am trying to activate an IKEv2 transport mode tunnel that traverses a
NAT. It appears that, rather than sending the transport mode proposal I
configured, it is instead sending tunnel mode.
IKEv2 + tunnel mode + NAT works fine. So does IKEv1 + transport mode
without a NAT on the tunnel path, so I know I definitely have transport mode
enabled.
Here's the configuration of my connection:
conn NATNone4Tran
left = 192.168.50.9
right = 192.168.49.5
type = transport
keyexchange = ikev2
leftid = @natnone4.left.com
rightid = @natnone4.right.com
pfs = no
auto = add
authby = secret
esp = 3des-md5
When I activate the tunnel, it fails with NO_PROPOSAL_CHOSEN because
StrongSwan has sent a request for tunnel mode, not transport mode.
>From the log, it appears this might be intentional:
Oct 5 16:37:14 linux125 charon: 13[IKE] not using transport mode,
connection NATed
Is the combination of IKEv2 + transport mode + NAT traversal supported?
If so, can you suggest what I might need to configure differently?
Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101005/ae602723/attachment.html>
More information about the Users
mailing list