[Openswan Users] NAT-T and ipsec.conf

Brent Clark bclark at rocketseed.us
Wed Sep 1 11:23:42 CEST 2004

>You cannot really test out NAT-T with a %direct connection. You actually
>*have* to NAT the packets, and you cannot do that on the gateways itself.


im pretty clueless on vpns etc, still learning it all.

Cant you put the one vpn on a different nic and subnet

Therefore it will be like

 +-----+	        				+-----------+	    				+----+
 |  1  |192.168.x.a  FW NIC eth0 <---- | Firewall  | -----> FW NIC eth1
10.x.t.u | 2  |
 +-----+    	    				+-----------+    					 +----+

please excuse the mis-allignment of the ascii art.

Kind Regards
Brent Clark

More information about the Users mailing list