Hi folks,
To work around some sites having problems with ESP over IPv6 I had
disabled ESP by setting
forceencaps = yes
in ipsec.conf on my gateway. It worked fine for MacOS, iphones and
Linux, but many Windows users (if not all) were offline. Is this as
expected? Is there a hidden checkbox somewhere in Windows 10 to
optionally enable ESP over 4500/UDP?
https://docs.strongswan.org/docs/5.9/features/natTraversal.html
mentions that the whole NAT-T thing is optional, without giving
more specific details.
Every insightful comment is highly appreciated
Harri
