[Openswan Users] win-client - openswan server with nat

[Paul Wouters]

On Wed, 18 Oct 2006, Jacco de Leeuw wrote:

> NAT and PSKs are probably not a good combination. As long as you
> are testing, fine, but be prepared to switch to certificates
> in the long run.

It will make testing itself harder too.

> >         rightsubnet=vhost:%no,%priv
>
> You need to remove this line if you use PSKs and NAT.

Can you explain that to me? Isnt this always needed for NAT-T, even
when in host-host transport mode? Why does it only relate to PSK?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155