[Openswan Users] VPN for NATed clients

Paul Wouters paul at xelerance.com
Sat Aug 27 18:51:27 CEST 2005


On Sat, 27 Aug 2005, Richard Pickett wrote:

> One problem I'm seeing coming for me is having multiple clients that are
> SNATed that are connecting into the VPN. So I have two remote clients on
> the same internal network. When they go out to the Internet they both
> end up with the same public IP. Openswan isn't going to be able to
> determine which IP proto 50 is coming from which client, is it?  And
> even worse, even if openswan could, more than likely their NATing router
> probably can't tell the difference between IP 50 packets coming from the
> vpn server to the clients in order to route them to the correct client.

NAT-Traversal fixes that by putting proto 50 packets in UDP packets. The
ports used for the two clients will be different.

There are apparently some issues with NAT-T and transport mode (used with
L2TP) but for normal tunnel mode, things should work fine.

I'm interested to hear your experiences though,

Paul
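
Added example (not part of the original post or of Openswan's code): a simplified Python model of the point made in the reply, showing why two clients behind one public IP collide on raw protocol 50 but stay distinct once ESP is carried in UDP on port 4500. The ToyNat class, its mapping behaviour and all addresses are constructed assumptions; the payload classification follows RFC 3948.

```python
NATT_PORT = 4500  # UDP port for UDP-encapsulated ESP (RFC 3948)

def classify_natt_payload(payload: bytes) -> str:
    """Classify the payload of a UDP/4500 datagram per RFC 3948."""
    if payload == b"\xff":
        return "keepalive"            # one-byte NAT-keepalive
    if payload[:4] == b"\x00" * 4 and len(payload) > 4:
        return "ike"                  # non-ESP marker, IKE message follows
    if len(payload) >= 8:
        return "esp"                  # starts with a non-zero SPI
    return "invalid"

class ToyNat:
    """Simplified port-translating NAT with one public address (assumption)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.udp_map = {}             # public port -> (private ip, private port)
        self.esp_map = {}             # remote ip -> private ip

    def outbound_esp(self, private_ip, remote_ip):
        # Protocol 50 has no ports, so the remote address is the only key;
        # a second client talking to the same gateway replaces the first.
        self.esp_map[remote_ip] = private_ip

    def inbound_esp(self, remote_ip):
        return self.esp_map.get(remote_ip)

    def outbound_udp(self, private_ip, private_port):
        public_port = self.next_port  # fresh public source port per flow
        self.next_port += 1
        self.udp_map[public_port] = (private_ip, private_port)
        return (self.public_ip, public_port)

    def inbound_udp(self, public_port):
        return self.udp_map.get(public_port)

def demo():
    clients = ("192.168.1.10", "192.168.1.11")             # constructed addresses
    nat, gateway = ToyNat("203.0.113.10"), "198.51.100.1"  # constructed addresses
    for client in clients:
        nat.outbound_esp(client, gateway)
    raw_esp_target = nat.inbound_esp(gateway)   # only one client is reachable
    peers = [nat.outbound_udp(c, NATT_PORT) for c in clients]
    back = [nat.inbound_udp(port) for _, port in peers]
    return raw_esp_target, peers, back

if __name__ == "__main__":
    print(demo())
```

The VPN gateway sees the two clients as the same IP with different UDP source ports, which is the key it uses to tell their tunnels apart.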

