[Openswan Users] NAT not needed on both sides
Marcel J.E. Mol
marcel at mesa.nl
Wed Apr 7 10:21:06 CEST 2004
On Tue, Apr 06, 2004 at 10:36:17PM +0200, jacco2 wrote:
> On Tue, Apr 06, 2004 at 08:34:18PM +0200, Marcel J.E. Mol wrote:
>
> > In my case A is the ipsec 'server' receiving the connections.
> > Host B are the roadwarriors initiating the connections.
> > So does this mean B does not need special support for nat-t?
>
> If you are using nat_traversal=no and it works anyway, you are
> using a feature of your NAT device called IPsec passthrough.
> These are mutually exclusive, so should you want to use NAT-T
> after all, you must disable IPsec passthrough.
Actually, the NAT device is a Linux iptables firewall also running Openswan
(for some other setup). Will Openswan be acting as an IPsec passthrough
in that case? (I did not do anything specific to 'enable' IPsec
passthrough, so is this something done by default?)
-Marcel
--
======-------- Marcel J.E. Mol MESA Consulting B.V.
=======--------- ph. +31-(0)6-54724868 P.O. Box 112
=======--------- marcel at mesa.nl 2630 AC Nootdorp
__==== www.mesa.nl ---____U_n_i_x______I_n_t_e_r_n_e_t____ The Netherlands ____
They couldn't think of a number, Linux user 1148 -- counter.li.org
so they gave me a name! -- Rupert Hine -- www.ruperthine.com