Re: [Users] NAT-ed IPSEC connections to FreeSwan/IPSEC

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Wed Nov 27 2002 - 13:30:38 CET


On 26 Nov 2002, Ad Koster wrote:

> According to the FreeSWan documentation several limitations do exist
> concerning NAT-ed connections/FreeSwan.
>
> Is this a FreeSwan-only problem or an IPSEC limitation in general??

IPSec "limitation" I suppose would be close. It's actually a design point
- if you have a box doing NAT in the middle, then you have a box munging
packets. Therefore, a point of compromise for man-in-the-middle attacks.

> For example: is it possible to set up a connection using SSH Sentinel
> behind a 3Com OfficeConnect gateway to another gateway running FreeSwan?
>
> Thanks
> Ad

Yes. If the 3Com does support "IPSec Passthru" (where it doesn't munge
packets blindly), or if it doesn't support it, SSH Sentinel and FreeS/WAN
(with NAT-T 0.4 patch) both support NAT Traversal (through ESPinUDP
encapsulation).

--
Ken Bantoft                The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca         http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt

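An added illustration, not code from the post or from FreeS/WAN, of why the ESP-in-UDP encapsulation Ken mentions survives a NAT box that "munges" packets: the outer UDP header is rewritten, but the ESP integrity check never covered it. It follows the framing later standardised in RFC 3948 (UDP port 4500, four zero bytes as the non-ESP marker in front of IKE); that the NAT-T 0.4 patch used exactly this layout is an assumption, and the HMAC-SHA1-96 ICV here stands in for real ESP processing (the "ciphertext" and key are constructed sample bytes).

```python
import hmac, hashlib, struct

UDP_ENCAP_PORT = 4500          # port IKE "floats" to once a NAT is detected
NON_ESP_MARKER = b"\x00" * 4   # IKE on 4500 is prefixed with 4 zero bytes;
                               # SPI 0 is reserved, so ESP never starts this way
ICV_LEN = 12                   # HMAC-SHA1-96 truncation as used by ESP

def esp_packet(key, spi, seq, ciphertext):
    """ESP header + (already encrypted) body + ICV computed over both."""
    hdr_body = struct.pack("!II", spi, seq) + ciphertext
    return hdr_body + hmac.new(key, hdr_body, hashlib.sha1).digest()[:ICV_LEN]

def udp_encap(src_port, payload):
    """UDP header (checksum 0; NAT-T receivers ignore it) in front of the payload."""
    return struct.pack("!HHHH", src_port, UDP_ENCAP_PORT, 8 + len(payload), 0) + payload

def nat_rewrite(datagram, new_src_port):
    """What the NAT box does: rewrite the outer source port, leave the payload alone."""
    _src, dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    return struct.pack("!HHHH", new_src_port, dst, length, 0) + datagram[8:]

def demux(key, datagram):
    """Receiver side: strip UDP, tell IKE from ESP by the marker, verify the ESP ICV."""
    _src, dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if dst != UDP_ENCAP_PORT or length != len(datagram):
        return ("invalid", None)
    payload = datagram[8:]
    if payload[:4] == NON_ESP_MARKER:
        return ("ike", payload[4:])
    hdr_body, icv = payload[:-ICV_LEN], payload[-ICV_LEN:]
    expected = hmac.new(key, hdr_body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return ("esp-bad-icv", None)        # inner packet was modified in transit
    spi, seq = struct.unpack("!II", hdr_body[:8])
    return ("esp", {"spi": spi, "seq": seq, "ciphertext": hdr_body[8:]})

if __name__ == "__main__":
    key = b"constructed-demo-integrity-key"
    esp = esp_packet(key, 0x12345678, 1, b"opaque ciphertext bytes")
    arrived = nat_rewrite(udp_encap(4500, esp), 61234)   # NAT changed the outer port
    print(demux(key, arrived))       # still "esp": the ICV never covered the UDP header
    print(demux(key, udp_encap(4500, NON_ESP_MARKER + b"IKE payload")))
```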

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:52 CET