[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT-T stability ?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: NAT-T stability ?
From: Stephan Tesch <stephan_(_at_)_tesch_(_dot_)_cx>
Date: Fri, 27 Aug 2004 17:09:33 +0200
Reply-to: stephan_(_at_)_tesch_(_dot_)_cx

Am Freitag 27 August 2004 04:56 schrieb Dave Harrison:

Hi!

> I need to be able to pass IPSec packets through my OpenBSD firewall to a
> FreeSWan box in my DMZ.  Since this would require NAT-T, and I
> understand that NAT-T is new to the src tree, I was wondering if anyone
> was using it and if they had had successes/problems with it ?

Let me get this straighter than it already is: You use your OpenBSD box to act 
as a firewall and your Linux box as a VPN gateway? And now you'd like to use 
OpenBSDs NAT-T functionality to pass the VPN traffic to the linux box?

NAT-T is encapsulation of IPsec packets within UDP (or TCP) packets. So your 
VPN gateways have to support this. All your firewall has to do is provide a 
good packet filter to NAT those packets from and to the VPN gateway and that 
is it. If memory serves right, then you just have to enable udp/500 and your 
good to go.

Regards, Stephan

-- 
PGP key: http://www.tesch.cx/stephan.asc
Fingerprint: 9CF9 0D64 2957 B44D A0C8
             35FE 0382 AE49 DFAB 9CAF

References:
- NAT-T stability ?
  - From: Dave Harrison

Prev by Date: Re: problem with using perl and/or pkg utils in 3.5 installer?
Next by Date: Non-US lang and charsets?
Previous by thread: NAT-T stability ?
Next by thread: config: warning: maxusers (80) > 64
Index(es):
- Date
- Thread

Visit your host, monkey.org