[Openswan Users]
Jacco de Leeuw
jacco2 at dds.nl
Mon May 15 00:30:33 CEST 2006
Paul Wouters wrote:
>>This is an issue in Openswan and not in the NAT-T standard, right?
>
> Yes, it is a limitation in the IPsec NAT-T standards.
That would make it a "no, it is a limitation in the NAT-T standards" :-).
It's a pity that after all those years of NAT-T drafts they could not
work out a standard that supports all NAT scenarios.
> If they do not have code dealing with it, yes they do. It is likely Microsoft
> and Cisco have done this. I am not sure about OSX. I'm pretty sure no open
> source software has fixed this before us.
Stinghorn supports multiple clients behind the same NAT device:
http://www.kame.net/racoon/racoon-ml/msg00824.html
but I don't know if it supports two clients with the same IP address
behind different NAT routers.
>>What if the kernel maintainers don't accept the NAT-T changes?
>
> The kernel people are just as anxious as we are to make the whole netkey
> versus klips issue go away. We are working with them on this.
That's great to hear.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list