[strongSwan] Force UDP Encapsulation in 5.0.4?

Dan Cook dan.cook at illum.io
Mon Jul 8 06:27:42 CEST 2013


Funny.  I just found that out as your email arrived.

I didn't try it initially because the docs say "prior" to 5.0.0.
e.g.  "Only supported for IKEv2 prior to 5.0.0."
I hope that is just a typo and it is fully supported in 5.0 going forward.
Amazon does not route ESP packets so this is the only way to do
transport mode in the same data center.

Thanks for the help,
Dan


On Sun, Jul 7, 2013 at 8:58 PM, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
> Hi Dan,
>
> in the connection definition of ipsec.conf add the parameter
>
>   forceencaps=yes
>
> Regards
>
> Andreas
>
> On 07/07/2013 05:04 AM, Dan Cook wrote:
>> I am working in a virtual environment that does not allow ESP traffic.
>>  Is there a way to force strongswan 5.0.4 to use UDP encapsulation of
>> the ESP traffic?   The machines are connected over a non-natted internal
>> network.
>>
>> If this is not possible, can you please advise where in the code I
>> should look to "force" this connection to UDP encapsulation.
>>
>> Thanks,
>> Dan Cook
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>




More information about the Users mailing list