On Fri, 18 Jun 2021, Mason Wardle wrote:
> If it's any help, here is the configuration of strongswan that allows Windows connection without registry modification. Based on these settings, I tried playing around with "encapsulation", "nat-ikev1-method", "fragmentation", and "compress" settings:

Are you sure that is what is happening? The Windows registry setting is all about Windows allowing encapsulation even if it detected it was not behind a NAT. That's nothing really different on the server.

> ipsec.conf:
> forceencaps=no

Right, it does need to force encaps, because the server is behind NAT, so both ends will detect it and use proper encapsulation. This is also the libreswan default.

I'm confused why strongswan and libreswan would act differently. I suspect there might be a difference in your testing parameters, or the Windows registry did/didn't (un)do properly?

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
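
Added example, not part of the original message or of either project's code: the RFC 3947 NAT-D comparison that lets both IKEv1 peers detect a NAT on the path, which is the detection the reply above relies on. The cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, cky_i + cky_r + packed).digest()

def detect_nat(cky_i, cky_r, natd_dst, natd_srcs, local, observed_src):
    """Receiver-side check of the peer's NAT-D payloads.

    natd_dst     : first NAT-D payload (peer's view of our address/port)
    natd_srcs    : remaining NAT-D payloads (peer's own address/port)
    local        : (ip, port) the packet arrived on
    observed_src : (ip, port) the packet came from, as seen on the wire
    """
    local_nat = nat_d_hash(cky_i, cky_r, *local) != natd_dst
    peer_nat = nat_d_hash(cky_i, cky_r, *observed_src) not in natd_srcs
    return {"local_behind_nat": local_nat, "peer_behind_nat": peer_nat,
            "udp_encap": local_nat or peer_nat}

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I, CKY_R = bytes.fromhex("1122334455667788"), bytes.fromhex("99aabbccddeeff00")
CLIENT = ("198.51.100.7", 500)        # Windows client, public address
SERVER_PRIV = ("192.168.1.10", 500)   # server's real address behind the NAT
SERVER_PUB = ("203.0.113.5", 500)     # address the NAT exposes

def server_view(server_local=SERVER_PRIV, server_seen_as=SERVER_PUB):
    # Client sends: dst hash = where it sent the packet, src hash = itself.
    dst = nat_d_hash(CKY_I, CKY_R, *server_seen_as)
    srcs = [nat_d_hash(CKY_I, CKY_R, *CLIENT)]
    return detect_nat(CKY_I, CKY_R, dst, srcs, server_local, CLIENT)

def client_view(server_local=SERVER_PRIV, server_seen_as=SERVER_PUB):
    # Server sends: dst hash = client as it saw it, src hash = its own address.
    dst = nat_d_hash(CKY_I, CKY_R, *CLIENT)
    srcs = [nat_d_hash(CKY_I, CKY_R, *server_local)]
    return detect_nat(CKY_I, CKY_R, dst, srcs, CLIENT, server_seen_as)

if __name__ == "__main__":
    print("server:", server_view())
    print("client:", client_view())
    # No NAT anywhere: nothing is detected, so encapsulation is not
    # negotiated on the basis of detection alone.
    print("no NAT:", server_view(SERVER_PUB, SERVER_PUB))
```

With the server behind NAT, the server sees itself as translated and the client sees its peer as translated, so both sides agree on UDP encapsulation without any forced setting.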
