16.3.2.1. Global IPSec options

The following options apply to every IPSec VPN tunnel. These settings are available on the Global options tab.

  • NAT traversal: Enable NAT traversal (NAT-T) so that the encrypted packets can pass through devices performing Network Address Translation (NAT). If this option is disabled, the VPN tunnel cannot cross a NAT device: NAT rewrites the packet headers, and the remote endpoint rejects the rewritten packets as having been modified by a third party (the device performing the translation). With NAT-T enabled, the encrypted packets are encapsulated in UDP, so the NAT device only rewrites the outer UDP header and the protected IPSec packet inside arrives intact.

    Note

    Port UDP/4500 is opened automatically when NAT traversal is enabled; NAT-T carries the encapsulated IKE and ESP traffic in UDP datagrams on this port.

  • Verbose IKE: Include detailed log messages of the Internet Key Exchange (IKE) protocol in the logs, for example when troubleshooting tunnel negotiation.

  • Send ICMP notification to the sender when fragmenting packets: If enabled and the VPN interface has to fragment a packet, the VPN interface notifies the original sender in an ICMP message (the ICMP Fragmentation Needed message used for Path MTU discovery). The sender can then lower its Path MTU (PMTU) estimate and avoid further fragmentation.

  • Hide ToS: Hide the Type of Service (ToS) field of the tunneled packets by not copying it into the outer header of the encrypted packets, so that the traffic class of the protected traffic is not visible on the path between the endpoints. Note that this also prevents QoS markings (DSCP) of the inner packets from being honoured by routers along the tunnel path.
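
The following is an added example, not code from the original page, the firewall product it documents, or strongSwan. It models what the NAT traversal option switches on: UDP encapsulation of ESP on port 4500 (RFC 3948), the rewrite a NAT device performs on the outer UDP header, and the demultiplexing a receiver does on UDP/4500 (one-byte keepalive, IKE with the four-zero-byte Non-ESP marker, or ESP). The integrity check is simplified to a truncated HMAC-SHA256 so it runs without an IPsec stack; all keys, SPIs, ports and payloads are constructed for illustration.

```python
"""Toy model of IPsec NAT traversal (RFC 3948 UDP encapsulation of ESP).

Added example for illustration only; not code from the original page,
the firewall product it describes, or strongSwan.  Keys, SPIs, ports and
payloads are constructed here.  The ESP integrity check is simplified to a
truncated HMAC-SHA256 so the example runs without any IPsec stack.
"""
import hashlib
import hmac
import struct

NAT_T_PORT = 4500                      # UDP port used for NAT-T (RFC 3948)
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # prefix of IKE messages on UDP/4500
NAT_KEEPALIVE = b"\xff"                # one-byte NAT keepalive datagram
ICV_LEN = 16                           # truncated ICV length (constructed)


def build_esp(spi, seq, ciphertext, auth_key):
    """Build a toy ESP packet: SPI | sequence number | payload | ICV.

    The ICV covers only the ESP header and payload, never the outer
    IP or UDP headers, so a NAT device may rewrite those freely.
    """
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def verify_esp(esp_packet, auth_key):
    """Recompute the ICV over header and payload; compare in constant time."""
    body, icv = esp_packet[:-ICV_LEN], esp_packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)


def udp_encapsulate(esp_packet, src_port=NAT_T_PORT, dst_port=NAT_T_PORT):
    """Wrap ESP in a UDP header (RFC 3948 section 2.1); checksum left zero."""
    udp_header = struct.pack("!HHHH", src_port, dst_port, 8 + len(esp_packet), 0)
    return udp_header + esp_packet


def parse_udp(datagram):
    """Return (src_port, dst_port, payload) of a UDP datagram."""
    src_port, dst_port, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    return src_port, dst_port, datagram[8:]


def napt_rewrite(datagram, new_src_port):
    """Model a NAPT device translating the UDP source port.

    Bare ESP (IP protocol 50) carries no port field, so a NAPT device has
    nothing to translate on; with UDP encapsulation the rewrite touches
    only the outer UDP header and the ESP packet inside is untouched.
    """
    _old_src_port, dst_port, payload = parse_udp(datagram)
    return udp_encapsulate(payload, new_src_port, dst_port)


def demux_nat_t(udp_payload):
    """Classify a UDP/4500 payload as the receiving peer does (RFC 3948 2.2-2.3).

    Returns (kind, inner) with kind "keepalive", "ike" or "esp".  An ESP
    SPI sent on the wire is never zero, so the four-zero-byte Non-ESP
    marker cannot be confused with the start of an ESP header.
    """
    if udp_payload == NAT_KEEPALIVE:
        return "keepalive", b""
    if udp_payload[:4] == NON_ESP_MARKER:
        return "ike", udp_payload[4:]
    if len(udp_payload) < 8 + ICV_LEN:
        raise ValueError("datagram too short for an ESP packet")
    return "esp", udp_payload


def nat_traversal_demo(auth_key=b"constructed-auth-key", new_src_port=61234):
    """Initiator -> NAT device -> responder with NAT-T enabled.

    The responder still receives an ESP packet whose ICV verifies, because
    the NAT device rewrote only the UDP header in front of it.
    """
    esp = build_esp(spi=0x10000001, seq=1, ciphertext=b"\x00" * 32, auth_key=auth_key)
    on_the_wire = udp_encapsulate(esp)               # sent by the initiator
    after_nat = napt_rewrite(on_the_wire, new_src_port)  # as seen by responder
    src_port, dst_port, payload = parse_udp(after_nat)
    kind, inner = demux_nat_t(payload)
    return {
        "nat_src_port": src_port,
        "dst_port": dst_port,
        "kind": kind,
        "icv_ok": verify_esp(inner, auth_key),
        "esp_unchanged": inner == esp,
    }


if __name__ == "__main__":
    print(nat_traversal_demo())
```

The same demultiplexing rule is why the firewall must accept UDP/4500 once NAT traversal is on: IKE, ESP and keepalives from a peer behind NAT all arrive on that single port and are told apart only by the first bytes of the payload.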

For details on the other options, see the strongSwan documentation available at http://wiki.strongswan.org/.