
Re: how can cheap routers do it?



Hi,
On Sun, Jul 11, 2004 at 01:25:31PM -0500, J Moore wrote:
> > it's the nature of the protocol. Use nat-t and you should not have any
> > problem...
> > 
> 
> I've looked through the pf user's guide, and can't find anything on 
> "nat-t"... How is nat-t accomplished in OBSD's pf?
NAT-T is a feature to support IPsec tunnels between a VPN client and a
gateway if IP flows are translated.

Håkan Olsson has recently added NAT-T support in OpenBSD-current:
- ESP in UDP encapsulation in kernel
- NAT-T negotiation in IKE messages for isakmpd daemon

If you want to use it, upgrade your system to -current and use a VPN client
compatible with NAT-Traversal.

In PF conf, you must allow incoming connections on UDP ports 500 and
4500.
A++ Foxy
-- 
Laurent Cheylus <[email protected]> OpenPGP ID 0x5B766EC2
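
Added example, not part of the original message and not OpenBSD's code: a classifier for the UDP payloads that reach port 4500 once NAT-T is in use, following the RFC 3948 framing (four zero bytes mark IKE, a single 0xFF byte is a NAT keepalive, anything else is ESP in UDP). The function name and the sample packets are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: prefixes IKE messages on UDP 4500
IKE_HEADER_LEN = 28                    # fixed-size ISAKMP/IKE header
IKE_HEADER_FMT = "!8s8sBBBBII"         # SPIs, next payload, version, exchange, flags, id, length


def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of a datagram seen on port 4500 (hypothetical helper)."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "too short for ESP or IKE"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            return {"kind": "malformed", "reason": "truncated IKE header"}
        (_ispi, _rspi, _next, version, exchange, _flags,
         msg_id, length) = struct.unpack(IKE_HEADER_FMT, ike[:IKE_HEADER_LEN])
        # The length field covers header plus payloads and must fit the datagram.
        if length < IKE_HEADER_LEN or length > len(ike):
            return {"kind": "malformed", "reason": "bad IKE length field"}
        return {"kind": "ike", "version": f"{version >> 4}.{version & 0x0F}",
                "exchange_type": exchange, "message_id": msg_id}
    # A non-zero first word is the ESP SPI, followed by the sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}


def sample_packets() -> dict:
    """Constructed sample payloads, not captured traffic."""
    ike_hdr = struct.pack(IKE_HEADER_FMT, b"\x11" * 8, b"\x00" * 8,
                          1, 0x10, 2, 0, 0, IKE_HEADER_LEN)
    return {
        "ike": NON_ESP_MARKER + ike_hdr,
        "esp": struct.pack("!II", 0x1000, 1) + b"\xaa" * 16,
        "keepalive": b"\xff",
        "truncated": NON_ESP_MARKER + ike_hdr[:10],
    }


if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(name, classify_natt_payload(pkt))
```
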