Hi,

Set remote and local IKE ports to something other than 500 and NON-ESP markers are set automatically, so NAT-T is then on by default, so to say. Just start off with port 4510. No need to float up. :)

Kind regards
Noel

On 08.01.21 at 15:09, Michael Schwartzkopff wrote:
Hi,

I have two different VPN servers behind ONE NAT address. Yes, I know it is nonsense, but it is the situation given here.

One runs with 500/4500. Everything is fine. I configured the firewall to forward packets on these ports to the first VPN server.

I want to use port 510 and 4510 for the second server. I configured charon.conf accordingly. On the client side I configured rightikeport=510.

So the client sends the init request from port 500 to port 510. The server recognizes the NAT-T on both ends, sends back the response. The client sends the third packet from port 4500 to port 4500, which fails of course.

Is there any possibility to tell the client to use port 45100 for the ESP-encap port?

Kind regards,
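The non-ESP marker mentioned in the reply is what lets a single UDP port carry both IKE and UDP-encapsulated ESP. The following is an added example, not part of the e-mails or of strongSwan's code: it classifies datagrams using the RFC 3948 framing, and every sample datagram, SPI and helper name in it is constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4           # RFC 3948: four zero bytes precede IKE on a NAT-T port
IKE_HDR = struct.Struct("!QQBBBBII")   # RFC 7296 fixed IKE header, 28 bytes
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def classify(payload: bytes) -> dict:
    """Classify one UDP payload received on a port shared by IKE and ESP-in-UDP."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "invalid", "reason": "too short"}
    if payload[:4] != NON_ESP_MARKER:
        # No marker: the first four bytes are read as a (non-zero) ESP SPI.
        spi, seq = struct.unpack("!II", payload[:8])
        return {"kind": "esp", "spi": spi, "seq": seq}
    ike = payload[4:]
    if len(ike) < IKE_HDR.size:
        return {"kind": "invalid", "reason": "truncated IKE header"}
    spi_i, spi_r, _next, version, exch, _flags, msg_id, length = IKE_HDR.unpack_from(ike)
    if length != len(ike):
        return {"kind": "invalid", "reason": "IKE length field mismatch"}
    return {"kind": "ike", "version": f"{version >> 4}.{version & 0xF}",
            "exchange": EXCHANGES.get(exch, str(exch)), "msg_id": msg_id,
            "spi_i": spi_i, "spi_r": spi_r}

def build_ike(exchange: int, msg_id: int, body: bytes = b"\x00" * 8) -> bytes:
    """Constructed IKEv2 message (fixed header plus opaque body), without the marker."""
    return IKE_HDR.pack(0x1122334455667788, 0x99AABBCCDDEEFF00, 46, 0x20,
                        exchange, 0x08, msg_id, IKE_HDR.size + len(body)) + body

# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "ike_auth_marked": NON_ESP_MARKER + build_ike(35, 1),
    "ike_auth_unmarked": build_ike(35, 1),   # what an IKE message looks like without the marker
    "esp": struct.pack("!II", 0xC0FFEE01, 7) + b"\xaa" * 32,
    "keepalive": b"\xff",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} {classify(data)}")
```

The unmarked sample is classified as ESP with the leading bytes of the initiator SPI taken as the ESP SPI, which is why IKE messages need the marker on any port that also carries encapsulated ESP.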