Hi all, I have a problem understanding how NAT Traversal is implemented in StrongSwan.
I thought that an IPSEC endpoint which is enabled for NAT Traversal will listen on Port 500 and Port 4500. Any IKE negotiation starts on port 500 first, when a NAT device is detected, the negotiation continues on port 4500. Playing around with StrongSwan, nat_traversal=no has StrongSwan listening only on port 500 (and using port 500 for connections); nat_traversal=yes moves the listening port and destination port to 4500. This is contrary to what my belief was how NAT Traversal works. Can you comment please? Regards, Holger _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
