[Openswan Users] VPN for NATed clients
Norman Rasmussen
normanr at gmail.com
Sat Aug 27 18:27:27 CEST 2005
It's called NAT-t, and depending on which kernel version and openswan
version you use, you will have varying degrees of success getting it
to work.
On 27/08/05, Richard Pickett <Richard.Pickett at csrtechnologies.com> wrote:
> I haven't used openswan that much, but I am very happy with how easy it
> is to use and how simple it is to setup.
>
> One problem I'm seeing coming for me is having multiple clients that are
> SNATed that are connecting into the VPN. So I have two remote clients on
> the same internal network. When they go out to the Internet they both
> end up with the same public IP. Openswan isn't going to be able to
> determine which IP proto 50 is coming from which client, is it? And
> even worse, even if openswan could, more than likely their NATing router
> probably can't tell the difference between IP 50 packets coming from the
> vpn server to the clients in order to route them to the correct client.
>
> Is there a really easy way to maybe first make a tcp/udp tunnel (which
> doesn't have to be secured) and then IPSec through the tunnel?
>
> Thanks!
>
> Richard W. Pickett, Jr.
> President, CSR Technologies .com, Inc.
> Richard.Pickett at CSRTechnologies.com
> Office - (270) 746-0324
> Cell - (270) 303-9154
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the Users
mailing list