[Swan] Windows 10 ipsec issues

Mason Wardle mwardle at caengineering.com
Fri Jun 18 21:02:09 UTC 2021

Hi Paul,

Thanks for the quick response.

> On Fri, 18 Jun 2021, Mason Wardle wrote:
> > If it's any help, here is the configuration of strongswan that allows
> Windows connection without registry modification. Based on
> > these settings, I tried playing around with "encapsulation",
> "nat-ikev1-method", "fragmentation", and "compress" settings:
> Are you sure that is what is happening? The windows registry setting is
> all about windows allowing encapsulation even if detected it was not
> behind a NAT. That's nothing really different on the server.
The registry change is really the only thing I modified. My VPN
configuration was saved and I just selected it and clicked "Connect". On
the server side, I just verified my current ipsec.conf settings and they
still match what I posted and I retested. I couldn't connect without the
registry mod but I could with the mod.

> > ipsec.conf:
> >   forceencaps=no
> Right, it does need to force encaps, because the server is behind NAT, so
> both
> ends will detect it and use proper encapsulation. This is also the
> libreswan default.
> I did a quick test without the registry mod but deleting
"encapsulation=yes" to let libreswan do the default. No change in results.

I'm confused why strongswan and libreswan would act differently. I
> suspect there might be a difference in your testing parameters, or
> the windows registry did/didnt (un)do properly ?
I'm a little greener here so I am not sure of the mapping from strongswan
to libreswan configuration parameters but from what I can tell, all the
important pieces are configured the same.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210618/0637055a/attachment.html>

More information about the Swan mailing list