[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-dev
Subject: Re: [Openswan dev] Re: [Users] routing problem with NAT?
From: Michael Richardson <mcr () sandelman ! ottawa ! on ! ca>
Date: 2004-04-03 14:34:08
Message-ID: 2164.1081002848 () marajade ! sandelman ! ottawa ! on ! ca
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Nate" == Nate Carlson <natecars@natecarlson.com> writes:
>> Correct, I use this patch. kernel 2.4.25
>>
>> Mar 15 23:21:34 moulinsart pluto[22523]: including NAT-Traversal
>> patch (Version 0.6b)
>>
>> Ok, so what is the objective of NAT-T patch ?
Nate> AFAIK, it's to allow roadwarriors behind a NAT gateway to
Nate> connect to a IPSec server, and the networks behind it. You use
Nate> the Xsubnet= to specify what internal IP address the NAT'd box
Nate> is using, and I'm fairly certain there's not a way to also
Nate> have a subnet behind it, without doing something exotic like
Nate> gre tunnels over the ipsec link.
There is no reason why you can't build a tunnel like:
subnet1====GWA----NAT ******* GWB---subnet2
And build a tunnel using NAT-T between GWA/GWB that connects subnet1
and subnet2. This isn't the most frequent use, which is where subnet1
is denegerate to a /32 assigned to a road warrior.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQG7LX4qHRg3pndX9AQHhswQA6u7C03M2pOC9C8mUDzTy4tlNngvB99Df
NfiRAG77u6DLzJHs7wHzzDMU7WdTQ/dNuNtTRtmv+6Mlsq1Z9NLK+1QZPp5gQODH
M+KDOfxIDZnIPLprkiKkifuiQ39xIc6uy7dy4PQStxU16U4mXW3rXf8M29lT6B6d
3VzBP/cOB/o=
=k9D4
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic