[Openswan Users] Nat-T and draytek

Paul Wouters paul at xelerance.com
Thu Sep 23 18:19:16 CEST 2004

On Thu, 23 Sep 2004, Luis Rodrigues wrote:

> On the Linux side, I've got a Draytek 2500 ADSL router to connect to the
> Internet, and the NAT question was simply resolved with an iptables rule
> that MASQued all interfaces except ipsec0.

MASQ all connections except when the destination is a range at the other
end of a VPN tunnel. Either use the MASQ rule with -d \! yourrange/mask
or use multiple -j RETURN entries for separate ranges not to masq. See
the wiki or archive for examples.

> I've been reading some things about the NAT-T patch, which comes with
> OpenSwan, but encapsulating the ESP packets in UDP packets will be a problem
> with the Draytek 2600 on the other side. How can I get this to work?

Your problem (as far as I understand) has nothing to do with NAT-T.

 	"Non cogitamus, ergo nihil sumus"
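
Added example, not part of the original message or of Openswan: a shell function that prints (does not apply) the two rule layouts described in the reply, a single negated-destination MASQUERADE rule for one remote range, or RETURN entries ahead of the MASQUERADE rule for several. The interface eth0, the 192.168.x.0/24 ranges and the -o restriction are assumptions; current iptables writes the negation as "! -d range" rather than "-d ! range".

```shell
#!/bin/sh
# Added example: generate NAT-exemption rules for traffic bound for the
# far end of a VPN tunnel. All names and ranges are constructed samples.

# is_cidr A.B.C.D/LEN -> exit 0 only for a well-formed IPv4 range
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    for octet in ${1%/*}; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# masq_rules WAN_IF RANGE... -> prints the POSTROUTING rules in order
masq_rules() {
    wan_if=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one VPN range" >&2; return 1; }
    # Validate everything first so no partial rule set is ever emitted.
    for range in "$@"; do
        is_cidr "$range" || { echo "bad range: $range" >&2; return 1; }
    done
    if [ "$#" -eq 1 ]; then
        # One remote range: a single negated-destination rule is enough.
        echo "iptables -t nat -A POSTROUTING -o $wan_if ! -d $1 -j MASQUERADE"
        return 0
    fi
    # Several ranges: one negation cannot cover them, so RETURN each range
    # before the catch-all. First match wins, so MASQUERADE must come last.
    for range in "$@"; do
        echo "iptables -t nat -A POSTROUTING -o $wan_if -d $range -j RETURN"
    done
    echo "iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE"
}

# Constructed sample invocations: one tunnel, then two tunnels.
masq_rules eth0 192.168.2.0/24
masq_rules eth0 192.168.2.0/24 192.168.3.0/24
```

Review the printed rules before applying them; appending them to a chain that already holds a broader MASQUERADE rule leaves the exemption without effect.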
