[Swan] IPv6 Question
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Wed Jul 13 22:57:01 EEST 2022

On 7/13/2022 5:43 PM, Paul Wouters wrote:
> On Wed, 13 Jul 2022, Mirsad Goran Todorovac wrote:
>
>> There seems to be a gotcha here: Windows 10 VPN client attempts to
>> connect to port 4500 (nat-t-ike):
>>
>> 16:29:26.860159 IP6 (flowlabel 0xd2a37, hlim 128, next-header UDP
>> (17) payload length: 1264) 2001:b68:2:2600::51.4500 >
>> 2001:b68:2:2600::3.4500: [udp sum ok] NONESP-encap: isakmp 2.0 msgid
>> 00000001 cookie 9db4ab32a688a0c0->bbedac47611d87f2: child_sa
>> ikev2_auth[I]:
>> (#53) [|v2IDi]
>
> That makes sense. It detected NAT so it has to switch to use port 4500.

Actually, the address 2001:b68:2:2600::51 is static to the client PC. It
shouldn't do the NAT thing. :-/

>> And here you say you do not listen on 4500:
>> https://lists.libreswan.org/pipermail/swan/2018/002487.html
>
> Ohh, you are NATed on IPv6? I am not sure if we support that.
> Ignore that older message of mine. Please ensure udp port 4500
> on the libreswan server is reachable from the internet.

I'll have to test for every provider I connect with.
Sometimes it is not our choice. And most of the time, I choose direct
SLAAC or better DHCPv6 with DDNS.

But I can't seem to find how to prevent Win 10 VPN client from trying to
establish a NAT connection. I will try more Googling.

Mirsad
--
Mirsad Goran Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355