On Sat, 27 Apr 2002, Maurice Volaski wrote:
> > Seems the problem is not with freeswan. All the problems are related to
> >IPSEC. IPSEC RFCs does NOT allow it to work when any of the machines are
> >NAT'ed .......
>
> Is this an April Fool's joke?
IPsec "does not work with NAT" is an overstatement of things. IPsec
"does not work *WELL* with NAT" and "may require special support on
the NAT system" are better. Note that the AH protocol specifically
will not work over NAT as the encrypted checksum includes the IP
addresses. ESP can work over a NAT connection.
Linux 2.2.x supports IPsec NAT (as Masquerade). See the technical
discussion of the issues involved in the VPN Masq HOWTO.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin_at_impsec.org pgpk -a jhardin_at_wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"They [media giants] have no idea how to do business with resourceful
human beings rather than passive vegetables. So they run to [the]
government for protection."
-- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
920 days until the Presidential Election
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST