[prev in list] [next in list] [prev in thread] [next in thread]
List: libreswan
Subject: [Swan] Libreswan NAT
From: tis () foobar ! fi (Tuomo Soini)
Date: 2015-10-01 9:34:55
Message-ID: 20151001123455.4a1c9426 () omout ! foobar ! fi
[Download RAW message or body]
On Tue, 29 Sep 2015 12:30:14 -0400 (EDT)
Paul Wouters <paul at nohats.ca> wrote:
> > I?m currently trying to setup a VPN through L2TP over IPsec, I have
> > a question regarding NAT compatibility (I haven?t found the answer
> > neither your website nor in you wiki). With the latest release of
> > Libreswan (3.15), is it necessary to create a connection especially
> > for NAT like the first one below?
>
> I'm not sure. It _should_ work with rightsubnet=vhost:%priv,%no but
> there were problems with that and people did often use two conns/
Two conns are still needed. That's because we exclude virtual_private
excluded subnets without checking if connection is behind nat or not.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic