[strongSwan] No udp encapsulation behind a NAT device?
Tobias Brunner
tobias at strongswan.org
Tue Aug 4 10:36:21 CEST 2015
Hi Michael,
> VPN connection is established:
There are no CHILD_SAs listed there. Only IKE_SAs. Could you send the
logs of when the SAs are established (including the initial messages
where the NAT is detected). What strongSwan version(s) are you using?
> If I configure forceencaps then the xfrm policy is not set up
Why? What is logged? Anyway, if it doesn't work with forceencaps,
which randomizes NAT-D payloads to fake a NAT situation, it probably
won't work either if an actual NAT is detected otherwise.
Regards,
Tobias
More information about the Users
mailing list