On Thu, 9 Sep 2021, Ahmed Sameh wrote:

Can anyone share an example of NAT-Traversal with IPsec transport mode?

Your quality of life will improve a lot if you avoid ever using
Transport Mode with NAT. Everyone has moved away from it. Only use
transport mode if you are not affected by NAT.

I have the following configuration working for normal traffic but not the NATed one.

conn private-or-clear
    auto=ondemand
    type=transport
    authby=rsasig
    failureshunt=passthrough
    negotiationshunt=passthrough
    ikev2=insist
    left=%defaultroute
    leftcert={{ cert_name_pattern }}
    leftid=%fromcert
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    rightid=%fromcert
    right=%opportunisticgroup

Opportunistic Encryption does not support transport mode plus NAT.

It only supports NAT for the initiator, not for the responder.

It might be worth explaining what you are trying to do so we can discuss
different solutions to your problem.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
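
A small check for the combination the reply above rules out, as an added example that is not part of the original mail or of libreswan's own tooling: it scans ipsec.conf-style text for conns that set type=transport together with right=%opportunisticgroup. The function names and the sample config are constructed for illustration; applying conn %default to every conn and ignoring also= are simplifying assumptions.

```python
import re

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text.
    Accepts indented options as well as the flattened form seen in the mail."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        m = re.match(r"(conn|config)\s+(\S+)$", line)
        if m:                                    # section header
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
            continue
        if current is not None and "=" in line:  # key=value inside a conn
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def oe_transport_conns(text):
    """Names of conns combining type=transport with right=%opportunisticgroup."""
    conns = parse_conns(text)
    defaults = conns.get("%default", {})         # assumption: applies to all conns
    flagged = []
    for name, opts in conns.items():
        if name == "%default":
            continue
        merged = {**defaults, **opts}
        # libreswan uses tunnel mode when type= is not set
        if (merged.get("type", "tunnel") == "transport"
                and merged.get("right") == "%opportunisticgroup"):
            flagged.append(name)
    return flagged

# Constructed sample: the posted conn (flattened), plus two that should pass.
SAMPLE = """
conn private-or-clear
auto=ondemand
type=transport   # as posted
right=%opportunisticgroup

conn private
    type=tunnel
    right=%opportunisticgroup

conn site-to-site
    type=transport
    right=192.0.2.10
"""

if __name__ == "__main__":
    for name in oe_transport_conns(SAMPLE):
        print(f"{name}: transport mode with Opportunistic Encryption will not work across NAT")
```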