Hi, I have raised a similar issue before and I would like to request help on this again as I cannot figure this out.
I am using the VyOS 1.2.3 AMI on AWS. I have been told by AWS, and I believe it is accurate to state, that an EIP assigned to an instance (in this case a VyOS AMI) is NOT considered a NAT. However, according to the logs, VyOS / strongSwan clearly thinks that it is behind a NAT, and thus IPsec is established over port 4500. I do not want to use port 4500 but rather port 500 / ESP. Is anyone experiencing a similar issue, and is there a way around it? I can replicate this issue by establishing tunnels to multiple different environments (GCP, Azure, etc.).
IP 52.215 is local (VyOS)
IP 35.242 is remote side
Logs from remote side:
Logs from local (VyOS):
The authentication ID is correctly set to the public IP of the VyOS instance in the config. Does anyone have any ideas on how to get around this NAT detection issue and get IPsec not to use port 4500?
Thank you in advance
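
For readers following the question above, this added example (not part of the original post and not VyOS or strongSwan code) shows how IKEv2 NAT detection reaches its verdict: per RFC 7296 section 2.23, each side sends SHA-1(SPIi | SPIr | IP | port) computed over the address it believes it is using, and the peer recomputes the hash from the packet header it actually received. It assumes the tunnel uses IKEv2 and that the instance's interface carries a private address while peers see a different public one; all SPIs and addresses are constructed sample values.

```python
import hashlib
import ipaddress
import struct


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """NAT_DETECTION_*_IP payload data: SHA-1 over SPIi | SPIr | IP | port."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    packed_ip = ipaddress.ip_address(ip).packed  # 4 octets (IPv4) or 16 (IPv6)
    data = spi_i + spi_r + packed_ip + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def peer_detects_nat(spi_i: bytes, spi_r: bytes,
                     configured_ip: str, observed_ip: str,
                     configured_port: int = 500, observed_port: int = 500) -> bool:
    """True when the hash the sender computed over its own interface address
    differs from the hash the receiver recomputes from the packet header."""
    sent = nat_detection_hash(spi_i, spi_r, configured_ip, configured_port)
    recomputed = nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)
    return sent != recomputed


# Constructed sample values (assumptions, not taken from the post).
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes(8)              # responder SPI is zero in the first IKE_SA_INIT request
PRIVATE_IP = "10.0.1.10"      # hypothetical address configured on the interface
PUBLIC_IP = "203.0.113.10"    # hypothetical address the remote peer sees

if __name__ == "__main__":
    # Interface address differs from the address on the wire: NAT is flagged.
    print("private vs public:", peer_detects_nat(SPI_I, SPI_R, PRIVATE_IP, PUBLIC_IP))
    # Interface address equals the address on the wire: no NAT is flagged.
    print("public vs public: ", peer_detects_nat(SPI_I, SPI_R, PUBLIC_IP, PUBLIC_IP))
```

The authentication ID is not an input to this hash, so setting it to the public IP does not change the comparison.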