Hi, I do some tests with two computers connected directly. IKE_AUTH message still sends through UDP/4500. why will this happen? ... thanks. ^_______^
--- 09/11/13 (五),Andreas Steffen <[email protected]> 寫道: 寄件者: Andreas Steffen <[email protected]> 主旨: Re: [strongSwan] nat traversal in ikev1 and ikev2 收件者: "Jessie Liu" <[email protected]> 副本: [email protected] 日期: 2009年11月13日,五,下午4:45 Hi Jessie, NAT traversal cannot be disabled in the IKEv2 charon daemon. If you don't like automatic port floating to UDP/4500 due to the MOBIKE protocol (RFC 4555) which happens even if no NAT situation exists then you can disable MOBIKE by adding mobike=no to ipsec.conf in the connection definition Regards Andreas NAT Jessie Liu wrote: > Hi all, I saw in ipsec.conf that nat_traversal configuration is only > for IKEv1. why it is non-configured in IKEv2? it should be optional, > right? if i want to disable nat traversal in ikev2, what should i do? > > > Thanks. ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== ___________________________________________________ 您的生活即時通 - 溝通、娛樂、生活、工作一次搞定! http://messenger.yahoo.com.tw/ _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
