[Openswan Users] NAT not needed on both sides

Marcel J.E. Mol marcel at mesa.nl
Wed Apr 7 10:21:06 CEST 2004

On Tue, Apr 06, 2004 at 10:36:17PM +0200, jacco2 wrote:
> On Tue, Apr 06, 2004 at 08:34:18PM +0200, Marcel J.E. Mol wrote:
> > In my case A is the ipsec 'server' receiving the connections.
> > Host B are the roadwarriors initiating the connections.
> > So does this mean B does not need special support for nat-t?
> If you are using nat_traversal=no and it works anyway, you are 
> using a feature of your NAT device called IPsec passthrough.
> These are mutually exclusive, so should you want to use NAT-T
> after all, you must disable IPsec passthrough.

Actually, the NAT device is a linux iptables firewall also running openswan 
(for some other setup). Will openswan be acting as a IPsec passthrough
in that case? (I did not do anything specific to 'enable' ipsec
passthrough, so is this something done by default?)

     ======--------         Marcel J.E. Mol                MESA Consulting B.V.
    =======---------        ph. +31-(0)6-54724868          P.O. Box 112
    =======---------        marcel at mesa.nl                 2630 AC  Nootdorp
__==== www.mesa.nl ---____U_n_i_x______I_n_t_e_r_n_e_t____ The Netherlands ____
 They couldn't think of a number,           Linux user 1148  --  counter.li.org
    so they gave me a name!  -- Rupert Hine  --  www.ruperthine.com

More information about the Users mailing list