[Swan] Windows 10 ipsec issues

Paul Wouters paul at nohats.ca
Fri Jun 18 20:31:31 UTC 2021

On Fri, 18 Jun 2021, Mason Wardle wrote:

> If it's any help, here is the configuration of strongswan that allows Windows connection without registry modification. Based on
> these settings, I tried playing around with "encapsulation", "nat-ikev1-method", "fragmentation", and "compress" settings:

Are you sure that is what is happening? The windows registry setting is
all about windows allowing encapsulation even if detected it was not
behind a NAT. That's nothing really different on the server.

> ipsec.conf:

>   forceencaps=no

Right, it does need to force encaps, because the server is behind NAT, so both
ends will detect it and use proper encapsulation. This is also the
libreswan default.

I'm confused why strongswan and libreswan would act differently. I
suspect there might be a difference in your testing parameters, or
the windows registry did/didnt (un)do properly ?


More information about the Swan mailing list