[Openswan Users] NAT on both ends
Michael Richardson
mcr at sandelman.ottawa.on.ca
Tue Apr 6 11:02:10 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "nguez" == nguez <Antonio> writes:
nguez> I'm trying to connect a Windows VPN client which is behind a
nguez> NAT router to a openswan server which also is behind another
nguez> NAT router. Somebody has made work something like that?
nguez> It's feasible that this double NAT scenary will work or I
nguez> need to redesign the network structure?
In theory, it can be made to work if the NAT boxes will permit you to
forward ports. In practice, it is a disaster.
You would be wisest to redesign the network. Make the openswan box do
the NAT.
(btw, the term "double NAT" usually means:
client---NAT1----NAT2====Internet )
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQHK4YIqHRg3pndX9AQFHXQQA4G9NG95pxc4GtVC2VE92lRAKtnGZzfkt
eSbBwC2+AtKLvYxM+vd7i+KjwKpZ3cdkDHgd4V+UMykSOqKet9OEO0Sy2d3bfiB7
Fb6aUJghaJ83gwr2zEEBi7crh51sAUIwKTuTJ76eeA7g4toL5KFv1Tuzz8zAfjOe
zhi3T/9e2hM=
=a9oF
-----END PGP SIGNATURE-----
More information about the Users
mailing list