[Openswan Users] Nat-T and draytek
paul at xelerance.com
Thu Sep 23 18:19:16 CEST 2004
On Thu, 23 Sep 2004, Luis Rodrigues wrote:
> In the linux side, I've got an Draytek 2500 ADSL router to connect to the
> Internet, and the NAT question was simply resolved with an iptables rule
> that MASQued all interfaces except ipsec0.
MASQ all connections except when the destination is a range at the other
end of a VPN tunnel. Either use the MASQ rule with -d \! yourrange/mask
or use multiple -j RETURN entries for seperate ranges not to masq. See
the wiki or archive for examples.
> I've been reading some tihings about the NAT-T patch, which comes with
> OpenSwan, but encapsulating the ESP packets in UDP packets will be a problem
> with the Draytek 2600 in the other side. How can i get this to work?
Your problem (as far as I understand) has nothing to do with NAT-T.
"Non cogitamus, ergo nihil sumus"
More information about the Users