[Openswan Users] Aggressive mode, NAT-T, destination behind NAT

Paul Wouters paul at xelerance.com
Wed Apr 12 18:11:17 CEST 2006

On Wed, 12 Apr 2006, Brian Candler wrote:

> That part is OK - in Openswan 2.4.5 that message is just a warning. Also, it
> works fine when I'm using Openswan 2.4.5 to Cisco IOS with main mode. I get
> the same warning and it proceeds.


> I can try replicating this in an openswan-to-openswan setup if you have an
> interest (that is, I've read on this list that aggressive mode is not well
> supported in openswan, so it depends whether you want to work on this or
> not)

aggressive mode is supported, though strongly discouraged for security
If you can give us a openswan-openswan configuration that shows this problem,
we can make a test case, and then the bug should get fixed. Assuming it is
a bug with openswan, and not with the pix.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list