[strongSwan] How to disable NAT traversal with strongSwan VPN client app (on android device)?
Chinmaya Dwibedy
ckdwibedy at yahoo.com
Tue Jun 13 10:36:34 CEST 2017
Thank you Tobias for your prompt response.
On Tuesday, June 13, 2017 1:14 PM, Tobias Brunner <tobias at strongswan.org> wrote:
Hi Chinmaya,
> I am using the strongSwan VPN client app (as an IKEv2 initiator) in my
> android device. How can I disable NAT feature? Because by default, it
> sends IKE_AUTH request and data traffic in UDP encapsulated packet which
> I do not want.
You can't. The app uses the VpnService API and has limited privileges
so it can't send ESP packets directly (as that would require a RAW
socket, which is only possible in root/CAP_NET_RAW processes). That's
why UDP encapsulation is enforced and can't be disabled.
Regards,
Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170613/a98e3610/attachment.html>
More information about the Users
mailing list