[Ipsec-tools-users] Re: [Openswan Users] nat_traversal in manual keying ?

Paul Wouters paul at xelerance.com
Fri Mar 3 00:09:22 CET 2006

On Thu, 2 Mar 2006, Pjothi wrote:

> The feedback from Paul was very useful. But am looking at a very simple
> scenario without a DNS. I just need to enable setkey to "udp encapsulate
> packets"  irrespective of the presence of a NAT in between. In the lab
> scenario where I am trying to implement, I just want two systems to be IPSec
> protected, but also UDP encapsulated. (Basically forcing it).

Openswan supports force_encaps=yes on a per connection basis, which fakes
the NAT detection, and thereby forces the other end to use encapsulation
as well.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list