[Openswan Users] NAT Traversal and transport mode security issues

agascond at able.es agascond at able.es
Fri Apr 2 00:43:18 CEST 2004


I have just setup a gateway with Openswan 2.1.1 with NAT-T support and also have enabled NAT-T Transport Mode so WinXP clients can access using the Microsoft VPN Client.

Ok. I have all working but I'm quite worried about the security issues related with NAT-T and IPSec transport mode which is mandatory if you use the MS client.  

I have found some info about an attacker could redirect packects, spoof protected LAN hosts and so, but I am not sure what these issues are and if I should use this configuration.  Anybody could explain what are these security issues?

Thanks a lot,


More information about the Users mailing list