Re: how can cheap routers do it?

On Sun, Jul 11, 2004 at 01:25:31PM -0500, J Moore wrote:
> > it's the nature of the protocol. Use nat-t and you should not have any
> > problem...
> > 
> I've looked through the pf user's guide, and can't find anything on 
> "nat-t"... How is nat-t accomplished in OBSD's pf?

NAT-T is a feature to support IPsec tunnels between a VPN client and a
gateway if IP flows are translated.

Hakan Olson has recently added NAT-T support in OpenBSD-current:
- ESP in UDP encapsulation in the kernel
- NAT-T negotiation in IKE messages for the isakmpd daemon

If you want to use it, upgrade your system to -current and use a VPN client
compatible with NAT-Traversal.

In PF conf, you must allow incoming connections on UDP ports 500 and
