My side runs libreswan and the remote side runs some version of Checkpoint. The tunnel comes up but sometimes goes down and can't be re-established. When this happens, tcpdump shows libreswan tries phase 1 fine on port 500, but then switches to port 4500 (probably due to the Vendor ID from the remote), but the remote doesn't respond on 4500 anymore.
With the latest libreswan, I can set nat-ikev1-method=none so my side doesn't send anything to their 4500. Everything works. Since I have to use CentOS 7, which comes with the older libreswan 3.23, is there anything I can do to disable NAT-T in older versions?

Thanks!
Frank
