[Openswan dev] Re: [Users] routing problem with NAT?
Henrik Nordstrom
hno at marasystems.com
Wed Mar 17 16:25:10 CET 2004
On Wed, 17 Mar 2004, Nate Carlson wrote:
> Hmm, what's the proper way to configure this? On the VPN gateway, do you
> just define rightsubnetwithin/%vhost to include the subnet that you want
> to route to on the remote end?
We defined it just as a normal tunnel with a road-warrior gateway. No
special options was required for NAT-T other than to have NAT-T enabled
globally and using a kernel + pluto supporting NAT-T.
Only if you want to support a road-warrior host (not a network behind
road-warrior gateway) is special options required in the tunnel definition
to enable the dynamic address assignment.
As I said we tested this with Super-FreeS/WAN 1.99.8 but I see no reason
why this should have changed in the later releases (OpenS/WAN included).
Will test again in the next cycle of IPSEC development, probably in May.
Regards
Henrik
More information about the Dev
mailing list