[Openswan Users] SPI - bogus implementation

[Paul Wouters]

On Thu, 27 May 2010, Steve Zeng wrote:

> I put rekey=no in my end(openswan). I got the same errors. If I put auto=add as well, the tunnel is not up automatically.

The instance behind NAT cannot initiate, hence the auto=add and not auto=start. If both are
behind NAT with a portforward, then you deserve all the problems you are having, and rekeying
likely stays a problem for you.

Paul