RES: [Openswan Users] NAT-T
Paul Wouters
paul at xelerance.com
Wed Apr 26 22:05:37 CEST 2006
On Wed, 26 Apr 2006, Domingo Antonio wrote:
>
> Hi Paul! :)
>
> I can't reconfigure tunnel :(
> in my scenario Ill need nat-t patch, right?
then the NAT-T patch won't help you, since it is a feature enhancement
for IPsec. You will need to carefully NAT your packets on the internal
interfaces, before encryption takes place, while not doing NAT on the
external interface, which would interfer with the encryption.
Paul
> -----Mensagem original-----
> De: Paul Wouters [mailto:paul at xelerance.com]
> Enviada em: quarta-feira, 26 de abril de 2006 15:48
> Para: Domingo Antonio
> Cc: users at openswan.org
> Assunto: Re: [Openswan Users] NAT-T
>
> On Wed, 26 Apr 2006, Domingo Antonio wrote:
>
> > I have a host-to-host PSK vpn and behind host-left I have 2 client
> > computers that want to access resources on host-rigth ( i'll nat ). Do
> > I need NAT-T patch insteed?
>
> The best is to just setup a VPN host-host tunnel with leftsubnet= and
> rightsubnet= Then you do not need NAT-T
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list