[Openswan Users] VPN for NATed clients
Paul Wouters
paul at xelerance.com
Sat Aug 27 18:51:27 CEST 2005
On Sat, 27 Aug 2005, Richard Pickett wrote:
> One problem I'm seeing coming for me is having multiple clients that are
> SNATed that are connecting into the VPN. So I have two remote clients on
> the same internal network. When they go out to the Internet they both
> end up with the same public IP. Openswan isn't going to be able to
> determine which IP proto 50 is coming from which client, is it? And
> even worse, even if openswan could, more than likely their NATing router
> probably can't tell the difference between IP 50 packets coming from the
> vpn server to the clients in order to route them to the correct client.

NAT-Traversal fixes that by putting proto 50 packets in UDP packets. The
ports used for the two clients will be different.

There are apparently some issues with NAT-T and transport mode (used with
L2TP) but for normal tunnel mode, things should work fine.

I'm interested to hear your experiences though,

Paul
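
The port-based separation described in the reply above, as an added example that is not part of the original post and is not Openswan code. It assumes the RFC 3948 framing on UDP port 4500 (non-ESP marker, one-byte keepalive, otherwise ESP); the addresses, ports, SPIs and the `classify`, `demux` and `esp` helpers are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: four zero bytes precede IKE on UDP 4500
KEEPALIVE = b"\xff"                   # RFC 3948: one-byte NAT-keepalive


def classify(payload):
    """Return (kind, spi) for one UDP payload received on port 4500."""
    if payload == KEEPALIVE:
        return ("keepalive", None)
    if len(payload) < 4:
        return ("invalid", None)
    if payload[:4] == NON_ESP_MARKER:
        return ("ike", None)
    if len(payload) < 8:  # an ESP header is SPI (4 bytes) + sequence number (4 bytes)
        return ("invalid", None)
    return ("esp", struct.unpack("!I", payload[:4])[0])


def demux(packets, use_port=True):
    """Map each peer endpoint the gateway sees to the ESP SPIs arriving from it.

    use_port=False models bare proto 50, where the source IP is the only
    address information and both NATed clients collapse into one endpoint.
    """
    peers = {}
    for src_ip, src_port, payload in packets:
        kind, spi = classify(payload)
        if kind == "esp":
            key = (src_ip, src_port if use_port else None)
            peers.setdefault(key, set()).add(spi)
    return peers


def esp(spi, seq):
    """Build a constructed ESP packet: real header layout, dummy 16-byte body."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16


# Constructed sample: two clients behind one NAT (203.0.113.10 is a documentation address).
SAMPLE = [
    ("203.0.113.10", 4500, NON_ESP_MARKER + b"constructed-ike"),
    ("203.0.113.10", 4500, esp(0x1001, 1)),
    ("203.0.113.10", 1027, NON_ESP_MARKER + b"constructed-ike"),
    ("203.0.113.10", 1027, esp(0x2002, 1)),
    ("203.0.113.10", 1027, KEEPALIVE),
    ("203.0.113.10", 4500, esp(0x1001, 2)),
]

if __name__ == "__main__":
    for endpoint, spis in demux(SAMPLE).items():
        print(endpoint, sorted(hex(s) for s in spis))
```

With the UDP source port in the key, each client is a distinct endpoint that return traffic can be addressed to; with the IP alone, both clients share a single entry.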