Hi, > If I did not select the --enable-NAT-Transport when I compile the > strongswan, .... If NAT-T feature can be shutdown by this above method?
This option is for IKEv1 and affects transport mode connections only. > If strongswan default enable this NAT-T feature, and then the > following message parsing will be encountered issues due to the "4 > bytes of non-ESP" and port floating RFC3948. UDP-Encapsulation and other NAT features are enabled only if a NAT was actually detected. strongSwan always includes NAT detection payloads in IKE_SA_INIT requests. If your peer does not support NAT traversal, it will (or should) ignore these payloads and will not include own NAT detection payloads. If strongSwan does not receive NAT detection payloads in IKE_SA_INIT, it assumes your peer is not capable of NAT traversal and will not enable any NAT specific features. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
