Hi Martin, Thank you for your detail information.
Best Regards, David -----邮件原件----- 发件人: Martin Willi [mailto:[email protected]] 发送时间: 2009年10月26日 18:10 收件人: weiping deng 抄送: 'users' 主题: Re: 答复: How can I shutdown the NAT-T feture of IKEv2 Hi, > If I did not select the --enable-NAT-Transport when I compile the > strongswan, .... If NAT-T feature can be shutdown by this above method? This option is for IKEv1 and affects transport mode connections only. > If strongswan default enable this NAT-T feature, and then the > following message parsing will be encountered issues due to the "4 > bytes of non-ESP" and port floating RFC3948. UDP-Encapsulation and other NAT features are enabled only if a NAT was actually detected. strongSwan always includes NAT detection payloads in IKE_SA_INIT requests. If your peer does not support NAT traversal, it will (or should) ignore these payloads and will not include own NAT detection payloads. If strongSwan does not receive NAT detection payloads in IKE_SA_INIT, it assumes your peer is not capable of NAT traversal and will not enable any NAT specific features. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
