On 7/13/2022 5:43 PM, Paul Wouters wrote:

On Wed, 13 Jul 2022, Mirsad Goran Todorovac wrote:

There seems to be a gotcha here: Windows 10 VPN client attempts to connect to port 4500 (nat-t-ike):

16:29:26.860159 IP6 (flowlabel 0xd2a37, hlim 128, next-header UDP (17) payload length: 1264) 2001:b68:2:2600::51.4500 > 2001:b68:2:2600::3.4500: [udp sum ok] NONESP-encap: isakmp 2.0 msgid 00000001 cookie 9db4ab32a688a0c0->bbedac47611d87f2: child_sa  ikev2_auth[I]:
    (#53) [|v2IDi]

That makes sense. It detected NAT so it has to switch to use port 4500.
Actually, the address 2001:b68:2:2600::51 is static to the client PC. It shouldn't do the NAT thing. :-/
And here you say you do not listen on 4500: https://lists.libreswan.org/pipermail/swan/2018/002487.html

Ohh, you are NATed on IPv6? I am not sure if we support that.
Ignore that older message of mine. Please ensure udp port 4500
on the libreswan server is reachable from the internet.

I'll have to test for every provider I connect with.

Sometimes it is not our choice. And most of the time, I choose direct SLAAC or better DHCPv6 with DDNS.

But I can't seem to find how to prevent Win 10 VPN client from trying to establish a NAT connection. I will try more Googling.

Mirsad

--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
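
How an IKEv2 peer decides that NAT is present (RFC 7296, section 2.23), as an added example that is not part of the original thread. It uses the initiator SPI and the two addresses from the tcpdump line above; UDP port 500 for IKE_SA_INIT, the all-zero responder SPI and the rewritten source 2001:db8::1 port 40000 are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_detection_hash(spi_i, spi_r, ip, port):
    """RFC 7296 section 2.23: SHA-1 over SPIi | SPIr | IP address | port."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed  # 4 octets (IPv4) or 16 (IPv6)
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def check_nat(spi_i, spi_r, src_hashes, dst_hash, seen_src, seen_dst):
    """Compare received NAT_DETECTION_* data with the addresses seen on the
    packet. Returns (peer_behind_nat, local_behind_nat)."""
    peer_nat = nat_detection_hash(spi_i, spi_r, *seen_src) not in src_hashes
    local_nat = nat_detection_hash(spi_i, spi_r, *seen_dst) != dst_hash
    return peer_nat, local_nat

SPI_I = bytes.fromhex("9db4ab32a688a0c0")   # initiator SPI from the capture
SPI_R = bytes(8)                            # zero in the IKE_SA_INIT request
CLIENT = ("2001:b68:2:2600::51", 500)       # port 500 is an assumption
SERVER = ("2001:b68:2:2600::3", 500)
REWRITTEN = ("2001:db8::1", 40000)          # constructed translated source

def responder_view(seen_src):
    """What the server concludes when the request arrives from seen_src."""
    src_hashes = [nat_detection_hash(SPI_I, SPI_R, *CLIENT)]  # sent by client
    dst_hash = nat_detection_hash(SPI_I, SPI_R, *SERVER)
    return check_nat(SPI_I, SPI_R, src_hashes, dst_hash, seen_src, SERVER)

if __name__ == "__main__":
    print("untranslated path:", responder_view(CLIENT))
    print("source rewritten: ", responder_view(REWRITTEN))
```

A mismatch on either payload is what moves the exchange to UDP 4500, so comparing these hashes in a packet capture shows which side believes an address or port was changed in transit.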

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
