[Swan] disable nat-t

Frank Liu gfrankliu at gmail.com
Mon Sep 24 14:24:28 UTC 2018


My side runs libreswan and the remote side runs some version of Checkpoint. The
tunnel comes up but sometimes goes down and can't be re-established. When
this happens, tcpdump shows libreswan tries phase 1 fine on port 500,
but then switches to using port 4500 (probably due to the Vendor ID from
the remote), but the remote doesn't respond on 4500 anymore.

With the latest libreswan, I can set nat-ikev1-method=none so my side doesn't
send anything to their 4500. Everything works. Since I have to use CentOS 7,
which comes with the older libreswan 3.23, is there anything I can do to
disable nat-t in older versions?

Thanks!
Frank