[Openswan Users] VPN-1 Edge X to Openswan success (AES)

Paul Wouters paul at xelerance.com
Sun Dec 18 23:48:40 CET 2005


On Sun, 18 Dec 2005, Jacco de Leeuw wrote:

> > conn passthrough-for-non-l2tp
> >         type=passthrough
> >
> > This allows both l2tp/ipsec and plaintext connections from behind the same
> > NAT router.
>
> Is this something specific for kernel 2.4 and/or KLIPS?

I have not tried to see if this is needed for NETKEY, but I would assume
so. It is not so much about the packet routing, but the fact that you
have a policy up between the IPs of the NAT router and your server. Someone
else behind the same NAT router, not using IPsec, trying to connect to the
IPsec server (using ssh or www) would be dropped otherwise.

Paul
-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)
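
A sketch of how the passthrough conn quoted above can sit next to an L2TP/IPsec conn in ipsec.conf, added here as an illustration and not taken from the thread or from either poster's configuration. The conn name `l2tp-psk`, the server address 192.0.2.10 (documentation range) and every option value other than `type=passthrough` are assumptions.

```conf
# Added example, not from the original thread. Addresses are placeholders.

# L2TP/IPsec: protects only UDP port 1701 between the server and the
# client's public (NAT router) address.
conn l2tp-psk
        authby=secret
        pfs=no
        type=transport
        left=192.0.2.10              # assumed server address
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        # Clients behind NAT; needs nat_traversal=yes and a matching
        # virtual_private= list in "config setup".
        rightsubnet=vhost:%priv
        auto=add

# Everything that does not match the narrower L2TP policy above is
# allowed through in the clear, so a second host behind the same NAT
# router can still reach ssh or www on the server.
conn passthrough-for-non-l2tp
        type=passthrough
        left=192.0.2.10              # same assumed server address
        right=0.0.0.0
        rightsubnet=0.0.0.0/0
        auto=route
```

With the tunnel up, `ipsec eroute` (KLIPS) or `ip xfrm policy` (NETKEY) lists the policies actually installed, which is the place to confirm that the broad pass entry exists alongside the port 1701 one.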

