On Thu, 5 Mar 2020, Beat Zahnd wrote:
> Do not yet really understand how the client (mobile phone) shall detect that the cellular provider NAT changes the port number.
It tells the server in a newly encrypted packet that "My IP/port might have changed, use whatever this packet arrived in as the new IP/port". So without the client knowing it, the server knows it and can just respond. The "newly encrypted" packet has a sequence number so an attacker cannot replay an old packet with a bogus IP/port as a denial of service attack.
> I recently switched from racoon/xl2tpd to libreswan IKEv2. Using the Android standard VPN client this was never a problem.
Maybe racoon prevented your phone from going into sleep mode completely?

Paul
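
The address update described in the reply above, as an added example that is not part of the original message and is not libreswan code. It is a simplified model, not the IKEv2 wire format: an HMAC over a sequence number and a flag stands in for the encrypted packet, and the names `seal`, `Responder`, `UPDATE`, the key and all addresses are constructed for illustration.

```python
import hashlib, hmac, struct

UPDATE = 1    # constructed flag meaning "my IP/port might have changed"
TAG_LEN = 32  # length of the HMAC-SHA256 tag

def seal(key, seq, flag):
    """Client side: sequence number + flag, authenticated with the session key."""
    body = struct.pack("!QB", seq, flag)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Responder:
    def __init__(self, key, peer_addr):
        self.key = key
        self.peer_addr = peer_addr  # where replies are currently sent
        self.last_seq = 0           # highest sequence number accepted so far

    def receive(self, packet, src_addr):
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        want = hmac.new(self.key, body, hashlib.sha256).digest()
        if len(body) != 9 or not hmac.compare_digest(tag, want):
            return "drop: not authenticated"
        seq, flag = struct.unpack("!QB", body)
        if seq <= self.last_seq:
            return "drop: replay"
        self.last_seq = seq
        if flag == UPDATE and src_addr != self.peer_addr:
            # The new address comes from the packet's outer source, not from
            # anything the client wrote: the client cannot see the NAT mapping.
            self.peer_addr = src_addr
            return "peer address updated"
        return "ok"

def demo():
    key = b"constructed-session-key"
    srv = Responder(key, ("198.51.100.7", 40000))
    pkt = seal(key, 1, UPDATE)
    # The NAT rebinds the client's port; the update arrives from the new one.
    results = [srv.receive(pkt, ("198.51.100.7", 51234))]
    # The same old packet replayed from a bogus address is rejected.
    results.append(srv.receive(pkt, ("203.0.113.9", 4500)))
    # A fresh sequence number without the key fails authentication.
    forged = struct.pack("!QB", 2, UPDATE) + b"\x00" * TAG_LEN
    results.append(srv.receive(forged, ("203.0.113.9", 4500)))
    return results, srv.peer_addr

if __name__ == "__main__":
    print(demo())
```

The replayed and forged packets leave the stored peer address untouched, so replies keep going to the address learned from the genuine update.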
