[Openswan Users] NAT-T Initial Contact IKEv1 Configuration
SVM
svm7 at mail15.com
Mon Dec 22 08:14:22 EST 2014
Hello, all!
Stuck with the problem in configuring NAT-T to make it work using UDP:4500.
I mean, how to force IKE exchange to use NAT-T UDP:4500, instead of
regular UDP:500?
forceencaps=yes as I suppose works only for ESP-packets.
nat-traversal=yes
Simple topology:
- transport mode
- left side(openswan) has global unicast ip
- right side(mikrotik) has full one2one nat rfc1918 address to global
unicast.
There is option to use nat-t in mikrotik and it sends udp:4500, but my
openswan replies to UDP:500, instead of UDP:4500 and 500 port doesn't
pass provider's nat on the right side, but 4500 does!
Also if I set openswan to initiate connection - it also uses UDP:500 for
IKEv1, not UDP:4500.
Am I wrong in something? or I just don't know what is the real problem.
Please help.
--
SVM
More information about the Users
mailing list