[Openswan Users] Host-To-Host over NAT
Paul Wouters
paul at xelerance.com
Wed Apr 8 15:23:29 EDT 2009
On Wed, 8 Apr 2009, Lipinski, Steven L (Steve) wrote:

> I'm trying to configure two systems (both running Openswan on RedHat) to
> establish an IPSec tunnel. This is strictly a host-to-host connection,
> and I believe I need to use transport mode (I don't believe tunnel mode
> will work given our restrictions).

That's wrong. Use tunnel mode.

> The trick is that one or both hosts
> may be behind a NAT device, and the mate host need not be configured
> with the private IP Addressing information used behind the NAT device.

ESPECIALLY with NAT involved, use tunnel mode!

Paul