[strongSwan] L2TP/IPSec Passthrough - Interfaces?
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jun 6 22:34:32 CEST 2017
Make sure you removed existing conntrack records for the UDP traffic that you want to DNAT.
On 06.06.2017 22:25, Tom Rymes wrote:
> On 06/06/2017 4:14 PM, Noel Kuntze wrote:
>> Did you also DNAT the ESP traffic, if you somehow don't use UDPENCAP, as you should with NAT?
>
> We did add a rule for that, but that's not saying we did it right. As for UDPENCAP, I can't say for certain, but I'll dig on that vis-a-vis Windows RRAS.
>
> Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170606/3fe8222d/attachment.sig>
More information about the Users
mailing list