Re: NAT-T stability ?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: NAT-T stability ?
- From: Stephan Tesch <stephan_(_at_)_tesch_(_dot_)_cx>
- Date: Fri, 27 Aug 2004 17:09:33 +0200
- Reply-to: stephan_(_at_)_tesch_(_dot_)_cx
On Friday 27 August 2004 04:56, Dave Harrison wrote:
> I need to be able to pass IPSec packets through my OpenBSD firewall to a
> FreeSWan box in my DMZ. Since this would require NAT-T, and I
> understand that NAT-T is new to the src tree, I was wondering if anyone
> was using it and if they had had successes/problems with it ?

Let me get this straighter than it already is: You use your OpenBSD box to act
as a firewall and your Linux box as a VPN gateway? And now you'd like to use
OpenBSD's NAT-T functionality to pass the VPN traffic to the Linux box?

NAT-T is encapsulation of IPsec packets within UDP (or TCP) packets. So your
VPN gateways have to support this. All your firewall has to do is provide a
good packet filter to NAT those packets from and to the VPN gateway and that
is it. If memory serves right, then you just have to enable udp/500 and you're
good to go.

PGP key: http://www.tesch.cx/stephan.asc
Fingerprint: 9CF9 0D64 2957 B44D A0C8
35FE 0382 AE49 DFAB 9CAF
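
An added example, not part of the original message: a Python classifier showing how UDP-encapsulated IPsec traffic is told apart on the wire, so it is clear what a packet filter in front of the VPN gateway actually sees. Port 4500, the four-zero-byte non-ESP marker and the one-byte keepalive are taken from RFC 3947/3948, not from this thread; the function names and sample datagrams are constructed for illustration.

```python
import struct

IKE_PORT = 500       # IKE starts here (the udp/500 mentioned in the reply)
NATT_PORT = 4500     # RFC 3947: peers move here once a NAT is detected
NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes IKE messages on 4500


def classify(sport, dport, payload):
    """Return (kind, spi) for one UDP datagram between IPsec peers."""
    ports = {sport, dport}
    if NATT_PORT in ports:
        if payload == b"\xff":              # single 0xFF byte keeps the NAT mapping alive
            return ("nat-keepalive", None)
        if len(payload) < 8:                # too short for a marker or an ESP header
            return ("malformed", None)
        if payload[:4] == NON_ESP_MARKER:   # an ESP SPI is never zero, so this is IKE
            return ("ike-in-udp", None)
        spi, _seq = struct.unpack("!II", payload[:8])   # ESP header: SPI, sequence
        return ("esp-in-udp", spi)
    if IKE_PORT in ports:
        return ("ike", None)
    return ("not-ipsec", None)


def udp_ports_in_use(datagrams):
    """Destination UDP ports that carried IPsec-related traffic."""
    used = set()
    for sport, dport, payload in datagrams:
        kind, _ = classify(sport, dport, payload)
        if kind not in ("not-ipsec", "malformed"):
            used.add(dport)
    return used


# Constructed sample datagrams: (source port, destination port, UDP payload).
SAMPLE = [
    (500, 500, bytes(28)),                                        # initial IKE
    (61002, 4500, NON_ESP_MARKER + bytes(28)),                    # IKE after NAT detection
    (61002, 4500, struct.pack("!II", 0xC0FFEE01, 1) + bytes(32)), # ESP in UDP
    (61002, 4500, b"\xff"),                                       # keepalive
    (53124, 53, b"\x12\x34"),                                     # unrelated traffic
]

if __name__ == "__main__":
    for s, d, p in SAMPLE:
        print(s, d, classify(s, d, p))
    print(sorted(udp_ports_in_use(SAMPLE)))
```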