[Openswan Users] Forcing udp-encaps when not on a NAT'd connection?

Mathieu Lafon mlafon at arkoon.net
Thu Jun 10 18:38:44 CEST 2004


Nate Carlson wrote on 10/06/2004 17:33:20 :
> > #define FORCE_NAT_TRAVERSAL in pluto/nat_traversal.c ?
>
> Will that work in the case where you're not actually behind NAT,
> but still want the encaps code?

Yes, you need to enable it on at least one gateway and they will
both think that there is NAT between them and enable ESPinUDP.

> If so, it's not very flexible, but hey, better than nothing.  :)

Doing it on a per-connection basis is not very difficult.

-- 
Mathieu Lafon - Arkoon Network Security


More information about the Users mailing list