[Swan] Windows 10 ipsec issues
mwardle at caengineering.com
Fri Jun 18 21:02:09 UTC 2021
Thanks for the quick response.
> On Fri, 18 Jun 2021, Mason Wardle wrote:
> > If it's any help, here is the configuration of strongswan that allows
> Windows connection without registry modification. Based on
> > these settings, I tried playing around with "encapsulation",
> "nat-ikev1-method", "fragmentation", and "compress" settings:
> Are you sure that is what is happening? The windows registry setting is
> all about windows allowing encapsulation even if detected it was not
> behind a NAT. That's nothing really different on the server.
The registry change is really the only thing I modified. My VPN
configuration was saved and I just selected it and clicked "Connect". On
the server side, I just verified my current ipsec.conf settings and they
still match what I posted and I retested. I couldn't connect without the
registry mod but I could with the mod.
> > ipsec.conf:
> > forceencaps=no
> Right, it does need to force encaps, because the server is behind NAT, so
> ends will detect it and use proper encapsulation. This is also the
> libreswan default.
> I did a quick test without the registry mod but deleting
"encapsulation=yes" to let libreswan do the default. No change in results.
I'm confused why strongswan and libreswan would act differently. I
> suspect there might be a difference in your testing parameters, or
> the windows registry did/didnt (un)do properly ?
I'm a little greener here so I am not sure of the mapping from strongswan
to libreswan configuration parameters but from what I can tell, all the
important pieces are configured the same.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Swan