[Openswan Users] Net-after-IPSec

Ted Kaczmarek tedkaz at optonline.net
Thu Sep 30 08:55:37 CEST 2004

On Wed, 2004-09-29 at 23:52 -0400, Christian Tardif wrote:
> On Wed, 2004-09-29 at 19:05, Jacco de Leeuw wrote:
> > This post by Clive A Stubbings may be helpful:
> > http://lists.openswan.org/pipermail/users/2004-August/001954.html
> I've seen this post regarding patches to apply in order to get a working
> NAT-after-IPSec....  The patches have been applied, and the kernel has
> been compiled with no errors. But then, my question is still on the
> table.
> > You mean you are using L2TP/IPsec? You don't have to. You
> > can use plain IPsec if you are willing to set up Panther's
> > racoon configuration manually, but you can also install a
> > third-party application that does it for you.
> Plain IPsec has its limitations. For example, you won't be able to get
> your way to a second (after the recorded subnet in IPsec config) subnet
> (or am I misunderstanding something?). And since I won't always have
> control over the Panther machine on the other end, I must stay the
> nearest standard possible.
What do you mean by this?

If you are saying the policy does not allow access to a different IP
than what is allowed, how is that a limitation?

> > See also:
> > http://wiki.openswan.org/index.php/InteroperatingMac
> I'll keep an eye on it, but I think I still need to use L2TP...
> Other cues?
> Thank you all....
