[Openswan Users] NAT traffic (contact_mark)
Paul Wouters
paul at xelerance.com
Mon Mar 21 16:12:24 EDT 2011
On Mon, 21 Mar 2011, contact_mark at btopenworld.com wrote:
> Subject: [Openswan Users] NAT traffic (contact_mark)
>
> If sending NAT traffic over ipsec is considered mangling and in violation of
> ipsec why am I able to SNAT ipsec traffic using Juniper or Cisco devices but
> not on openswan?
Because they are violating RFC requirements and their own negotiated policies.
An example can be seen here:
https://bugs.openswan.org/projects/openswan/wiki/Juniper_NAT-IPsec_hack_workaround
Paul
More information about the Users
mailing list