On Tue, Aug 17, 2004 at 11:51:03AM +0300, urgrue wrote:
> This is all true, but one thing to check before embarking on this
> rather large project is whether your VPN falls into this category of
> "can't be NATted VPNs" in the first place.
> Of the VPN solutions I've used, only IPSEC minds if the IPs are NATted.
> and if I remember correctly, IPSEC minds even if it's a one-to-one NAT.

IPSec NAT-T works great over NAT devices (can even be double NAT'ed)
and over firewalls. Even Windows XP supports it. Runs over UDP port 4500
for both IKE and AH/ESP and few firewalls or NAT devices even blink.

Simple FreeS/WAN - no
Super FreeS/WAN - yes
StrongSWAN - yes
OpenSWAN - yes
KAME - yes
Raccoon - YES!
2.4.x kernel with KLIPS - qualified yes (anything other than simple FS)
2.4.x kernel with IPSec Backport - yes
2.6 kernel - absolutely

All of the above "yes" interoperate (as well as they do without NAT-T)

IPv4 - Yes
IPv6 - No (think about it, why would you need it?)

> So I'd suggest you simply configure your router/firewall to NAT all
> those internal IPs to the same external IP and see if it works, before
> starting to set up a more complicated solution.

Mike
--
Michael H. Warfield    | (770) 985-6132 | mhw@xxxxxxxxxxxx
/\/\|=mhw=|\/\/        | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9        | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471    | possible worlds. A pessimist is sure of it!
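The port sharing mentioned in the message above, as an added example that is not part of the original post: with NAT-T, IKE messages and UDP-encapsulated ESP packets arrive on the same UDP port 4500 and are told apart by the first bytes of the payload (RFC 3948 framing). The function name and the sample packets are constructed for illustration; a firewall or capture-analysis script could use the same checks to confirm that port-4500 traffic really is IPsec.

```python
import struct

NATT_PORT = 4500                      # UDP port named in the message above
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: four zero bytes precede IKE on 4500
IKE_HDR = "!8s8sBBBBII"               # ISAKMP/IKE fixed header, 28 bytes


def classify_natt_payload(payload: bytes) -> dict:
    """Classify one UDP payload seen on port 4500 (hypothetical helper)."""
    # A single 0xFF byte is a NAT keepalive that keeps the NAT mapping open.
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed", "reason": "shorter than SPI/marker"}
    # Zero in the SPI position is never a valid ESP SPI, so it marks IKE.
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < struct.calcsize(IKE_HDR):
            return {"kind": "malformed", "reason": "truncated IKE header"}
        i_spi, r_spi, _np, ver, exch, _flags, _mid, length = struct.unpack(
            IKE_HDR, ike[:28])
        return {"kind": "ike",
                "version": f"{ver >> 4}.{ver & 0x0F}",
                "exchange_type": exch,
                "initiator_spi": i_spi.hex(),
                "length_ok": length == len(ike)}
    # Anything else is ESP-in-UDP: 32-bit SPI, then 32-bit sequence number.
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "truncated ESP header"}
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}


# Constructed sample payloads (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + struct.pack(
    IKE_HDR, b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, 28)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\xaa" * 16
SAMPLE_KEEPALIVE = b"\xff"

if __name__ == "__main__":
    for name, pkt in [("ike", SAMPLE_IKE), ("esp", SAMPLE_ESP),
                      ("keepalive", SAMPLE_KEEPALIVE), ("short", b"\x00\x01")]:
        print(name, classify_natt_payload(pkt))
```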