[Openswan Users] Host-To-Host over NAT

Paul Wouters paul at xelerance.com
Wed Apr 8 15:23:29 EDT 2009


On Wed, 8 Apr 2009, Lipinski, Steven L (Steve) wrote:

> I'm trying to configure two systems (both running Openswan on RedHat) to
> establish an IPSec tunnel.  This is strictly a host-to-host connection,
> and I believe I need to use transport mode (I don't believe tunnel mode
> will work given our restrictions).

That's wrong. Use tunnel mode.

> The trick is that one or both hosts
> may be behind a NAT device, and the mate host need not be configured
> with the private IP Addressing information used behind the NAT device.

ESPECIALLY with NAT involved, use tunnel mode!

Paul

