[Users] NAT-ed IPSEC connections to FreeSwan/IPSEC

From: Stephen J. Bevan (stephen_at_dino.dnsalias.com)
Date: Wed Nov 27 2002 - 07:06:08 CET

• Next message: Stephen J. Bevan: "[Users] Concurrent Road Warriors Configuration"
• Previous message: Christopher Lyon: "[Users] Capacity and Performance"
• In reply to: Ad Koster: "[Users] NAT-ed IPSEC connections to FreeSwan/IPSEC"
• Next in thread: Ken Bantoft: "Re: [Users] NAT-ed IPSEC connections to FreeSwan/IPSEC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ad Koster writes:
> According to the FreeSWan documentation several limitations do exist
> concerning NAT-ed connections/FreeSwan.
>
> Is this a FreeSwan-only problem or an IPSEC limitation in general??

IPsec in general doesn't work well with connections behind NAT/PAT.
There is a IETF draft solution for which deals with this and SSH
Sentinel supports it.

> For example: is it possible to set up a connection using SSH Sentinel
> behind a 3Com OfficeConnect gateway to another gateway running FreeSwan?

It is if you patch FreeS/WAN to support NAT traversal. See
<http://open-source.arkoon.net/> for the patches or Super FreeS/WAN
<http://www.freeswan.ca> for a version of FreeS/WAN that already
contains this along with other useful patches.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Stephen J. Bevan: "[Users] Concurrent Road Warriors Configuration"
• Previous message: Christopher Lyon: "[Users] Capacity and Performance"
• In reply to: Ad Koster: "[Users] NAT-ed IPSEC connections to FreeSwan/IPSEC"
• Next in thread: Ken Bantoft: "Re: [Users] NAT-ed IPSEC connections to FreeSwan/IPSEC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:52 CET