[Openswan Users]

Jacco de Leeuw jacco2 at dds.nl
Mon May 15 00:30:33 CEST 2006


Paul Wouters wrote:

>>This is an issue in Openswan and not in the NAT-T standard, right?
> 
> Yes, it is a limitation in the IPsec NAT-T standards.

That would make it a "no, it is a limitation in the NAT-T standards" :-).

It's a pity that after all those years of NAT-T drafts they could not
work out a standard that supports all NAT scenarios.

> If they do not have code dealing with it, yes they do. It is likely Microsoft
> and Cisco have done this. I am not sure about OSX. I'm pretty sure no open
> source software has fixed this before us.

Stinghorn supports multiple clients behind the same NAT device:
http://www.kame.net/racoon/racoon-ml/msg00824.html
but I don't know if it supports two clients with the same IP address
behind different NAT routers.

>>What if the kernel maintainers don't accept the NAT-T changes?
> 
> The kernel people are just as anxious as we are to make the whole netkey
> versus klips issue go away. We are working with them on this.

That's great to hear.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

