On Sat, 13 Feb 2010, Christian Huldt wrote: > Would I need to use klips/mast for this (several connections from one > natted lan) to work? I've heard contradicting reports on NETKEY, but protostack=mast together with overlapip=yes should work. But it requires the saref kernel patch, which is included in the openswan source. Paul