[Openswan Users] NAT Problem

Paul Wouters paul at xelerance.com
Thu May 12 12:16:24 CEST 2005

On Thu, 12 May 2005, Tom Hughes wrote:

>> NAT-T and IPsec passthrough are incompatible. If you prefer to use the
>> router's IPsec passthrough, you will have to disable NAT-T.
> I want to use NAT-T because tunnel mode connections from Windows
> systems (required for IPsec passthrough) seem to be incompatible
> with the Windows firewall.

Disable IPsec passthrough. If there is no option to disable IPsec passthrough
in your router, the recommended way to disable IPsec passthrough is to use
a big axe and spend another $40 on a consumer router that does not mangle
packets with IPsec passthrough.

IPsec passthrough is like blood letting. It might have seemed to be a
good practice at the time, but it it has been proven that it only does harm.


More information about the Users mailing list