[Openswan dev] Re: [Users] routing problem with NAT?
mcr at sandelman.ottawa.on.ca
Sat Apr 3 10:34:08 CEST 2004
>>>>> "Nate" == Nate Carlson <natecars at natecarlson.com> writes:
>> Correct, I use this patch. kernel 2.4.25
>> Mar 15 23:21:34 moulinsart pluto: including NAT-Traversal
>> patch (Version 0.6b)
>> Ok, so what is the objective of the NAT-T patch?
Nate> AFAIK, it's to allow roadwarriors behind a NAT gateway to
Nate> connect to an IPSec server, and the networks behind it. You use
Nate> the Xsubnet= to specify what internal IP address the NAT'd box
Nate> is using, and I'm fairly certain there's not a way to also
Nate> have a subnet behind it, without doing something exotic like
Nate> gre tunnels over the ipsec link.
There is no reason why you can't build a tunnel like:
subnet1====GWA----NAT ******* GWB---subnet2
And build a tunnel using NAT-T between GWA/GWB that connects subnet1
and subnet2. This isn't the most frequent use, which is where subnet1
is degenerate to a /32 assigned to a road warrior.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
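
The topology in the diagram above, written out as an Openswan ipsec.conf pair (GWA behind the NAT, GWB publicly reachable). This is an added example, not part of the original message; the addresses, IDs, connection name and key placeholders are all assumptions.

```conf
# ---- /etc/ipsec.conf on GWB (public side, responder) ----
config setup
    # Enable NAT-Traversal; ESP is then carried in UDP (port 4500)
    # once a NAT is detected between the peers.
    nat_traversal=yes

conn subnet1-subnet2
    left=203.0.113.10              # GWB public address (assumed)
    leftid=@gwb.example.net        # assumed ID
    leftsubnet=10.2.0.0/24         # subnet2 (assumed)
    leftrsasigkey=<GWB-PUBLIC-KEY> # placeholder
    right=%any                     # GWA arrives from the NAT's address
    rightid=@gwa.example.net       # identify GWA by ID, not by IP
    rightsubnet=10.1.0.0/24        # subnet1 behind GWA (assumed)
    rightrsasigkey=<GWA-PUBLIC-KEY> # placeholder
    authby=rsasig
    auto=add                       # wait for GWA to initiate

# ---- /etc/ipsec.conf on GWA (behind the NAT, initiator) ----
config setup
    nat_traversal=yes

conn subnet1-subnet2
    left=%defaultroute             # GWA's private address behind the NAT
    leftid=@gwa.example.net
    leftsubnet=10.1.0.0/24         # subnet1
    leftrsasigkey=<GWA-PUBLIC-KEY> # placeholder
    right=203.0.113.10             # GWB public address
    rightid=@gwb.example.net
    rightsubnet=10.2.0.0/24        # subnet2
    rightrsasigkey=<GWB-PUBLIC-KEY> # placeholder
    authby=rsasig
    auto=start                     # the NAT'd side must initiate
```

Because GWB cannot pin GWA to a source address, the peer ID and its RSA key are the only things authenticating it, and the filters in front of GWB have to admit UDP 500 and 4500 from arbitrary sources.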