[Openswan Users] Re: NAT Traversal support with openswan (which
draft version initiator/responder?)
Paul Wouters
paul at xelerance.com
Thu Jun 17 23:48:22 CEST 2004
On Thu, 17 Jun 2004, Michael Richardson wrote:
> >>>>> "Xiaoming" == Xiaoming Yu <xiaoming at us.ibm.com> writes:
> Xiaoming> I tried %any in the config file and it found a connection
> Xiaoming> and went a step further. But it failed to find the
> Xiaoming> preshared key in the ipsec.secrets because I am stilling
> Xiaoming> using the private IP there. Previous argument will apply
>
> Don't use PSK with NAT-T.
>
> Use pre-exchanged RSA-keys, or X.509 only.
And if you use a rightid and leftid, the connections will be found
regardless of the IP and wether or not the connection is NATed.
Paul
More information about the Users
mailing list