[Openswan Users] Ipsec passthrough on linux

[Paul Wouters]

On Mon, 8 Dec 2008, hiren joshi wrote:

> But I want to talk to a legacy system that do not support NAT-T.
>
> Currently multiple connections to a Openswan VPN server behind same
> NATbox fails as ESP do not provide any hook (as port numbers in the
> case of udp/tcp) to demultiplexe them.

There are the SPI numbers.

Openswan does not support any kind of ipsec passthrough because it is
too broken. It was obsoleted for NAT-T with good reason.

Paul