The IKEv2 protocol includes NAT traversal (NAT-T) in the core standard, but it’s optional to implement. strongSwan implements it and does not require any special configuration. The NAT_DETECTION_SOURCE/DESTINATION_IP notifications included in the IKE_SA_INIT exchange indicate the peer’s NAT-T capability and allow detecting which peer, if any, is behind a NAT device.
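The detection logic described above, sketched as an added example (not strongSwan's code): per RFC 7296 section 2.23, each notification carries a SHA-1 digest of the two IKE SPIs, an IP address and a port, and the receiver recomputes it from the addresses it actually observed. The function names, SPI and addresses are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """RFC 7296 section 2.23: SHA-1 over SPIi | SPIr | IP address | port."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def detect_nat(spi_i, spi_r, src_hashes, dst_hash, seen_src, seen_dst):
    """Evaluate the notifications of one received IKE_SA_INIT message.

    src_hashes: every NAT_DETECTION_SOURCE_IP value (a sender may include several)
    dst_hash:   the NAT_DETECTION_DESTINATION_IP value
    seen_src / seen_dst: (ip, port) taken from the IP/UDP headers on receipt
    Returns (peer_behind_nat, local_behind_nat).
    """
    # No source hash matches what we saw: something rewrote the sender's address.
    peer_nat = nat_detection_hash(spi_i, spi_r, *seen_src) not in src_hashes
    # Destination hash differs from our own address: we are the translated side.
    local_nat = nat_detection_hash(spi_i, spi_r, *seen_dst) != dst_hash
    return peer_nat, local_nat

def initiator_request(spi_i, local, remote):
    """Notification values for an initiator's first IKE_SA_INIT (SPIr is still zero)."""
    zero = bytes(8)
    return ([nat_detection_hash(spi_i, zero, *local)],
            nat_detection_hash(spi_i, zero, *remote))

# Constructed sample: initiator 192.168.1.10 talking to responder 198.51.100.7
SPI_I = bytes.fromhex("0123456789abcdef")
SRC, DST = initiator_request(SPI_I, ("192.168.1.10", 500), ("198.51.100.7", 500))

if __name__ == "__main__":
    # Responder's view when a NAT rewrote the source to 203.0.113.5:40500
    print(detect_nat(SPI_I, bytes(8), SRC, DST,
                     ("203.0.113.5", 40500), ("198.51.100.7", 500)))
    # Responder's view with no NAT on the path
    print(detect_nat(SPI_I, bytes(8), SRC, DST,
                     ("192.168.1.10", 500), ("198.51.100.7", 500)))
```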
To enable the plugin, add --enable-kernel-libipsec … (NAT-T) enabled. … The first option configures the routing rule for strongSwan's own routing table in such a way that the routes in that table will only apply to packets that do not feature the configured fwmark …
strongSwan on FreeBSD … However, if you need NAT Traversal you will still have to enable the IPSEC_NAT_T option and build your own kernel (see below). FreeBSD 11.1 and above now include NAT-T as well, and the GENERIC kernel will work.
strongswan server) is quite particular, since it runs a Devil-Linux distribution (live CD) that I had to rebuild in order to add --enable-nat-transport to the strongswan build script. It uses strongswan 4.2.16. Is there a way to check if the binary was really built with --enable-nat-transport?
Frequently Asked Questions (FAQ) – strongSwan