[Openswan Users] leftprotoport=17/1701 and non-UDP traffic

Paul Wouters paul at xelerance.com
Mon Jan 9 22:13:30 CET 2006


On Mon, 9 Jan 2006, Guillermo Ontañón wrote:

> correct me if i'm wrong but, wouldn't this behaviour (without the
> passthrough conn) prevent any other machine behind a NAT from
> communicating with the IPSec gateway once a roadwarrior behind that NAT
> device has established an IPSec tunnel?

That is correct. This is addressed in the upcoming 2.5 series where we will
support multiple clients behind NAT, and also use the passthrough to allow
non-ipsec clients behind the same NAT to still reach that server (eg for smtp
or webmail).

It will be part of the l2tpd config examples in /etc/ipsec.d/examples/

Paul
-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)


More information about the Users mailing list