[Openswan Users] defining connection

[Paul Wouters]

On Thu, 17 Jun 2004, John A. Sullivan III wrote:

> However, I am surprised this is working at all.  As far as I know,
> OpenSWAN provides a NAT-T gateway but not a NAT-T client.  

Eh? Openswan can be used as client and as server for nat-t. We always try
to make openswan a full peer on the net with support for both ends. Openswan
is not a server, nor a client. It is a full peer.

> find A across the Internet if A has an address of 192.168.0.1? I know B
> is set to %any so it will accept the packet from the NAT address of A
> but I would think the tunnel end point definitions will not match.  

That is why you use %any and a combination of either virtual_private or
subnetwithin syntax. To bind the outer IP (any) with the inner ip (the virtual
private or subnetwithin)

Paul
-- 

<Reverend> IRC is just multiplayer notepad.