[Openswan Users] VPN for NATed clients

Norman Rasmussen normanr at gmail.com
Sat Aug 27 18:27:27 CEST 2005


It's called NAT-t, and depending on which kernel version and openswan
version you use, you will have varying degrees of success getting it
to work.

On 27/08/05, Richard Pickett <Richard.Pickett at csrtechnologies.com> wrote:
> I haven't used openswan that much, but I am very happy with how easy it
> is to use and how simple it is to setup.
> 
> One problem I'm seeing coming for me is having multiple clients that are
> SNATed that are connecting into the VPN. So I have two remote clients on
> the same internal network. When they go out to the Internet they both
> end up with the same public IP. Openswan isn't going to be able to
> determine which IP proto 50 is coming from which client, is it?  And
> even worse, even if openswan could, more than likely their NATing router
> probably can't tell the difference between IP 50 packets coming from the
> vpn server to the clients in order to route them to the correct client.
> 
> Is there a really easy way to maybe first make a tcp/udp tunnel (which
> doesn't have to be secured) and then IPSec through the tunnel?
> 
> Thanks!
> 
> Richard W. Pickett, Jr.
> President, CSR Technologies .com, Inc.
> Richard.Pickett at CSRTechnologies.com
> Office - (270) 746-0324
> Cell    - (270) 303-9154
> 
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/


More information about the Users mailing list