Thanks for your quick response Noel. I am testing a scenario where we don't 
have 4500 port open on intermediate NAT device. I think my options are:
1. Libreswan: which provides configurable parameter - nat-ikeport (default 4500)
2. Use IPsec client which has nat_traversal parameter
  a. Older version of strongswan
  b. Openswan.

I am wondering if the new age Android and iPhone do the automatic port floating 
in case of NAT-T. I need to test that.

Regards,
Prashant 

-----Original Message-----
From: Noel Kuntze [mailto:[email protected]] 
Sent: Thursday, February 25, 2016 10:13 AM
To: Prashant Sunkari; [email protected]
Subject: Re: [strongSwan] IKEv2: Mobike=no not working

Hello Prashant,

> But the documentation in link below says, we can prevent port 
> switching (in any scenario) and doesn't talk about the no NAT detected 
> scenario. https://wiki.strongswan.org/projects/strongswan/wiki/MobIke
You're misunderstanding the documentation.
Enabling MOBIKE (or keeping it in the default setting, which is "yes") makes 
charon try to negotiate mobike support with the other peer and if it is 
negotiated, float to UDP port 4500 in *any* case, regardless if there is NAT or 
not.

If you disable MOBIKE, one of the following things can happen:
* There is NAT: charon will enable NAT-T and float to UDP port 4500.
* There is NO NAT: charon will NOT enable NAT-T and NOT float to UDP port 4500.

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
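
An added example, not part of either message and not strongSwan's code: a Python model of the port choice described in the reply above, with NAT detection done as in RFC 7296 section 2.23 (SHA-1 over SPIs, IP address and port). Function names, SPIs and addresses are constructed for illustration; treating "MOBIKE enabled but not negotiated" like "MOBIKE disabled" is an assumption.

```python
import hashlib
import ipaddress
import struct

IKE_PORT, NATT_PORT = 500, 4500

def nat_detection_hash(spi_i, spi_r, ip, port):
    """NAT_DETECTION_*_IP data: SHA-1 over SPIi | SPIr | IP | port (RFC 7296, 2.23)."""
    packed_ip = ipaddress.ip_address(ip).packed          # 4 bytes IPv4, 16 bytes IPv6
    return hashlib.sha1(spi_i + spi_r + packed_ip + struct.pack("!H", port)).digest()

def nat_in_path(spi_i, spi_r, notify_src, notify_dst, seen_src, seen_dst):
    """Receiver side: compare the hashes the peer sent with hashes of the
    addresses actually seen on the packet. Any mismatch means a NAT rewrote it."""
    src_ok = notify_src == nat_detection_hash(spi_i, spi_r, *seen_src)
    dst_ok = notify_dst == nat_detection_hash(spi_i, spi_r, *seen_dst)
    return not (src_ok and dst_ok)

def port_after_ike_sa_init(mobike_negotiated, nat):
    """Port choice as described in the reply above. Assumption: MOBIKE that is
    enabled but not negotiated behaves like MOBIKE disabled."""
    return NATT_PORT if (mobike_negotiated or nat) else IKE_PORT

def simulate(local, wire_src, responder, mobike_negotiated):
    """Initiator hashes its own view (local); responder sees wire_src."""
    spi_i, spi_r = bytes.fromhex("0102030405060708"), bytes(8)  # constructed SPIs
    n_src = nat_detection_hash(spi_i, spi_r, *local)
    n_dst = nat_detection_hash(spi_i, spi_r, *responder)
    nat = nat_in_path(spi_i, spi_r, n_src, n_dst, wire_src, responder)
    return nat, port_after_ike_sa_init(mobike_negotiated, nat)

if __name__ == "__main__":
    gw = ("198.51.100.1", 500)                       # constructed addresses
    print(simulate(("192.0.2.10", 500), ("192.0.2.10", 500), gw, False))   # direct
    print(simulate(("10.0.0.5", 500), ("203.0.113.7", 1024), gw, False))   # behind NAT
    print(simulate(("192.0.2.10", 500), ("192.0.2.10", 500), gw, True))    # MOBIKE
```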
