Re: [Users] IPSec over NAT

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Thu Oct 31 2002 - 19:49:15 CET


On Thu, 31 Oct 2002, Javier García de Bringas wrote:

> Hello,
>
> I'm thinking about doing an IPSec tunnel to a remote server using
> FreeS/WAN. However, my PC has a private IP address and there is a router
> doing NAPT in order to allow it and some other PCs to access Internet. I
> have no way of changing anything in the router as it is owned by my ISP. How
> can I do a VPN using FreeS/WAN in this situation? I understand the problems
> NAT creates to IPSec connections, however I know some vendors have
> implemented non-standard extensions to IPSec in order to pass through NAT.
> The one I've seen encapsulates IPSec in TCP packets, so NAT affects neither
> the encrypted nor the authenticated part. Are there any such extensions
> in FreeS/WAN? Is it something under development (maybe I could help with
> it), or, on the contrary, has it not been thought about at all?
>
> Thank you very much for your help,
>
> Javier

If the router does proper IPSec passthrough, you might be other.
Otherwise, you'll need the NAT Traversal patches on both sides of the
tunnel. http://open-source.arkoon.net is the official site for those.

-- 
Ken Bantoft                The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca            http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"Random numbers should not be generated with a method 
chosen at random."  -- Donald Knuth,


This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 05:20:36 CET