On 14.03.2017 01:46, Mik J wrote:
Hello Sebastien, I'm not sure there's something special to force nat-t,
it's automatic. The natted side has to initiate the flow to the non
natted side. If the two sides are natted then there should be a port
forward to one of them. There should be a nat keepalive parameter as
well.

Since I've seen this on several occasions, check that isakmpd is /not/
having the flag -T. But you might want to use -L and look into the
resulting /var/run/isakmpd.pcap
(hint: tail -fc+0 isakmpd.pcap|tcpdump -netttvvr -)
and watch out for the vendor lines in the proposal if NAT-T is actually
advertised - and of course allow 4500/udp in both directions.
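
An added example, not part of the original thread and not isakmpd code: the vendor lines mentioned above are IKEv1 Vendor ID payloads, and NAT-T is advertised when one of them carries the MD5 hash of a NAT-T identifier string. The sketch walks the payload chain of one unencrypted message (UDP payload as seen on port 500); the function names and the sample messages are constructed for illustration.

```python
import hashlib
import struct

VENDOR_ID = 13  # IKEv1 payload type "Vendor ID" (RFC 2408)
# NAT-T vendor IDs are the MD5 hashes of these strings (RFC 3947 and drafts).
NATT_NAMES = ["RFC 3947", "draft-ietf-ipsec-nat-t-ike-03",
              "draft-ietf-ipsec-nat-t-ike-02\n"]
NATT_VIDS = {hashlib.md5(n.encode()).digest(): n.strip() for n in NATT_NAMES}

def natt_vendor_ids(msg: bytes) -> list[str]:
    """Return the NAT-T variants advertised in one unencrypted IKEv1 message."""
    if len(msg) < 28:
        raise ValueError("shorter than an ISAKMP header")
    next_payload, flags = msg[16], msg[19]
    total = struct.unpack("!I", msg[24:28])[0]
    if flags & 0x01:
        raise ValueError("encrypted message, payloads not readable")
    if total > len(msg):
        raise ValueError("message truncated")
    found, off = [], 28
    while next_payload != 0:
        if off + 4 > total:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        body = msg[off + 4:off + plen]
        if next_payload == VENDOR_ID and body in NATT_VIDS:
            found.append(NATT_VIDS[body])
        next_payload, off = following, off + plen
    return found

def build(payloads):
    """Constructed sample: ISAKMP header followed by (type, body) payloads."""
    types = [t for t, _ in payloads] + [0]
    body = b"".join(struct.pack("!BBH", types[i + 1], 0, len(b) + 4) + b
                    for i, (_, b) in enumerate(payloads))
    # cookies, next payload, version 1.0, exchange type 2 (main mode), flags 0
    hdr = b"\x11" * 8 + b"\x00" * 8 + bytes([types[0], 0x10, 2, 0])
    return hdr + struct.pack("!II", 0, 28 + len(body)) + body

# Constructed messages: a dummy SA payload (type 1), then vendor IDs.
SA = (1, b"\x00" * 8)
WITH_NATT = build([SA, (13, hashlib.md5(b"RFC 3947").digest()),
                   (13, b"other-vendor")])
WITHOUT_NATT = build([SA, (13, b"other-vendor")])

if __name__ == "__main__":
    print(natt_vendor_ids(WITH_NATT), natt_vendor_ids(WITHOUT_NATT))
```

An empty result for the first messages of both peers means NAT-T is not being offered, which matches what the tcpdump output would show as missing vendor lines.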