[Swan] IPv6 Question

Paul Wouters paul at nohats.ca
Wed Jul 13 18:43:41 EEST 2022

On Wed, 13 Jul 2022, Mirsad Goran Todorovac wrote:

> There seems to be a gotcha here: Windows 10 VPN client attempts to connect to 
> port 4500 (nat-t-ike):
> 16:29:26.860159 IP6 (flowlabel 0xd2a37, hlim 128, next-header UDP (17) 
> payload length: 1264) 2001:b68:2:2600::51.4500 > 2001:b68:2:2600::3.4500: 
> [udp sum ok] NONESP-encap: isakmp 2.0 msgid 00000001 cookie 
> 9db4ab32a688a0c0->bbedac47611d87f2: child_sa  ikev2_auth[I]:
>     (#53) [|v2IDi]

That makes sense. It detected NAT so it has to switch to use port 4500.

> And here you say you do not listen on 4500: 
> https://lists.libreswan.org/pipermail/swan/2018/002487.html

Ohh, you are NATed on IPv6? I am not sure if we support that.
Ignore that older message of me. Please ensure udp port 4500
on the libreswan server is reachable from the internet.


More information about the Swan mailing list