Issue #3223

Updated by Tobias Brunner 9 months ago

Hi,
In my environment, NAT traversal is enabled, which happens even if no NAT situation exists. So I disabled MOBIKE by adding mobike=no to ipsec.conf, but the UDP port always automatically floats to 4500. I need your help!
My configuration and run logs are shown below:
<pre>
root@ubuntu:/home/fastgate/misc/strongswan/etc/ipsec.conf.d# cat conn.tunnel.1
conn %default
    # -- Negotiate --
    keyexchange = ikev2
    keyingtries = 1
    mobike = no
    closeaction = clear
    # -- IKE SA Lifetime --
    reauth = no
    # -- IPSEC SA Lifetime --
    rekey = no
    # -- DPD --
    dpdaction = clear
    dpddelay = 10s
    # -- Other --
    right = %any
    auto = add
conn tunnel-1
    left = 192.168.13.100
    leftsubnet = 0.0.0.0/0
    leftauth = psk
    leftid = "*dengjie@psk"
    rightsourceip = 21.21.21.10-21.21.21.19
    rightauth = psk
</pre>


Run logs:
<pre>
15[CFG] received stroke: add connection 'tunnel-1'
15[CFG] conn tunnel-1
15[CFG] left=192.168.13.100
15[CFG] leftsubnet=0.0.0.0/0
15[CFG] leftauth=psk
15[CFG] leftid=*dengjie@psk
15[CFG] right=%any
15[CFG] rightsourceip=21.21.21.10-21.21.21.19
15[CFG] rightauth=psk
15[CFG] ike=aes128-sha256-curve25519
15[CFG] esp=aes128-sha256
15[CFG] dpddelay=10
15[CFG] dpdtimeout=150
15[CFG] dpdaction=1
15[CFG] closeaction=1
15[CFG] mediation=no
15[CFG] keyexchange=ikev2
15[CFG] adding virtual IP address pool 21.21.21.10-21.21.21.19
15[CFG] added configuration 'tunnel-1'
</pre>


Thanks!
