[Swan] NoNAT connection not working from Windows 10 but works from wireless connected hosts (SOLVED)

Paul Wouters paul.wouters at aiven.io
Fri Nov 26 22:25:55 EET 2021


On Fri, 26 Nov 2021, Mirsad Goran Todorovac wrote:

> After trying with our CARNet NOC people, they have changed something on 
> firewalls and the L2TP-PSK-noNAT
> configuration now works! I have filed the Windows 10 error 809 problem, and 
> docs say it was most likely
> the firewall or the interim network equipment, and it was ...
>
> I have wasted 5 days on this, it appears that ever since the connection 
> started working in the café on their wireless
> network and your rightsubnet=vhost:%no suggestion.
>
> I apologize for all the inconvenience I caused you. Fortunately, there are 
> not so many troubled admins on the
> planet 😁.

Thanks for letting us know! We don't always get the positive feedback to
know an issue was resolved and not a bug on our end.

> I will now try if the IKEv2 with RSA connection was also bugged with our 
> firewall. You have suggested that
> IKEv1 L2TP with IPSEC and transport mode was deprecated, but I had to have 
> something working to start with.

Makes sense. It will just be less painful going forward to use IKEv2.
For instance, if you end up with two devices behind the same NAT, your
L2TP/IPsec will not work for them due to Transport Mode. So yes, do try
and use IKEv2 instead.

> Thank you once again for all your help. You have been very supportive. I seem 
> to have started to really like
> libreswan. It has some excellent ideas for network FSAs to work.

Thanks for your kind words. We try to have a vibrant community where
people help each other. It is the way[tm]  :)

Paul

