Hi, > so is there a way to make both of client and server use random ports
Using random ports on the server does not really work because the client has to know the port. > (i > tried to set port_nat_t = 0 but the client doesn't understand it). What do you mean "doesn't understand it"? See [1] regarding custom ports in general. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/NATTraversal#Custom-Server-Ports
