[prev in list] [next in list] [prev in thread] [next in thread] 

List:       libreswan
Subject:    [Swan] Libreswan NAT
From:       tis () foobar ! fi (Tuomo Soini)
Date:       2015-10-01 9:34:55
Message-ID: 20151001123455.4a1c9426 () omout ! foobar ! fi
[Download RAW message or body]

On Tue, 29 Sep 2015 12:30:14 -0400 (EDT)
Paul Wouters <paul at nohats.ca> wrote:

> > I?m currently trying to setup a VPN through L2TP over IPsec, I have
> > a question regarding NAT compatibility (I haven?t found the answer
> > neither your website nor in you wiki). With the latest release of
> > Libreswan (3.15), is it necessary to create a connection especially
> > for NAT like the first one below?
> 
> I'm not sure. It _should_ work with rightsubnet=vhost:%priv,%no but
> there were problems with that and people did often use two conns/

Two conns are still needed. That's because we exclude virtual_private
excluded subnets without checking if connection is behind nat or not.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

[prev in list] [next in list] [prev in thread] [next in thread]