[Openswan Users] NAT Problem
Paul Wouters
paul at xelerance.com
Thu May 12 12:16:24 CEST 2005
On Thu, 12 May 2005, Tom Hughes wrote:
>> NAT-T and IPsec passthrough are incompatible. If you prefer to use the
>> router's IPsec passthrough, you will have to disable NAT-T.
>
> I want to use NAT-T because tunnel mode connections from Windows
> systems (required for IPsec passthrough) seem to be incompatible
> with the Windows firewall.
Disable IPsec passthrough. If there is no option to disable IPsec passthrough
in your router, the recommended way to disable IPsec passthrough is to use
a big axe and spend another $40 on a consumer router that does not mangle
packets with IPsec passthrough.
IPsec passthrough is like blood letting. It might have seemed to be a
good practice at the time, but it it has been proven that it only does harm.
Paul
More information about the Users
mailing list