[Openswan Users] Ipsec passthrough on linux

Paul Wouters paul at xelerance.com
Mon Dec 8 14:18:03 EST 2008


On Mon, 8 Dec 2008, hiren joshi wrote:

> But I want to talk to a legacy system that do not support NAT-T.
>
> Currently multiple connections to a Openswan VPN server behind same
> NATbox fails as ESP do not provide any hook (as port numbers in the
> case of udp/tcp) to demultiplexe them.

There are the SPI numbers.

Openswan does not support any kind of ipsec passthrough because it is
too broken. It was obsoleted for NAT-T with good reason.

Paul


More information about the Users mailing list