If the VPN server or client doesn't support NAT-T, then multiple hosts
behind a single NAT address couldn't simultaneously establish and
maintain tunnels to the multiple exterior hosts. Only one host could
establish... But if both sides support NAT-T, it works.

On Thu, May 29, 2008 at 5:49 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
>
> On Thursday 2008-05-29 11:31, Sarge Gorden wrote:
>
>>Hi all,
>>
>>Now I was using a Linux box as a gateway (Ver: 2.6.18). But without
>>NAT-T there are going to be some problems when connecting to an
>>L2TP-over-IPSec VPN server.
>
> What problem?
>
>>I wonder if there's an "IPSec ALG" that could be ported into the kernel.
>>(Just like ip_conntack_ipsec/ip_nat_ipsec)
>>Is there a patch available now?
>
> AH and ESP are handled by nf_conntrack_proto_generic (always built-in).
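
A simplified model of the limitation discussed in this thread, added here as an example (it is not code from the thread or from netfilter). It assumes a source NAT that can key port-less protocols such as ESP only on remote address and protocol number, and shows two inside hosts reaching the same server with and without NAT-T; `ToyNat`, `demo` and all addresses are constructed for illustration.

```python
# Simplified model of a source NAT's reply lookup. Not netfilter code.
# All addresses are constructed (RFC 5737 / RFC 1918 ranges).
ESP, UDP = 50, 17          # IP protocol numbers
NAT_T_PORT = 4500          # UDP port used by IPsec NAT traversal (RFC 3948)
PUBLIC_IP = "203.0.113.1"  # the gateway's single outside address


class ToyNat:
    """Maps reply keys seen on the outside back to inside hosts."""

    def __init__(self):
        self.replies = {}       # reply key -> (inside ip, inside port)
        self.next_port = 40000  # pool for rewritten UDP source ports

    def outbound(self, inside_ip, remote_ip, proto, sport=None, dport=None):
        """Translate an outgoing flow; return the reply key, or None on clash."""
        if proto == UDP:
            # Ports exist, so the NAT can pick a fresh outside source port.
            key = (remote_ip, proto, dport, self.next_port)
            self.next_port += 1
        else:
            # Port-less protocol (ESP, AH): only addresses and protocol remain.
            key = (remote_ip, proto)
        owner = self.replies.get(key)
        if owner is not None and owner != (inside_ip, sport):
            return None         # reply would be ambiguous: flow cannot be set up
        self.replies[key] = (inside_ip, sport)
        return key

    def inbound(self, key):
        """Return the inside host a reply with this key is delivered to."""
        return self.replies.get(key)


def demo():
    server = "198.51.100.10"
    hosts = ["192.168.1.10", "192.168.1.11"]
    plain = ToyNat()   # raw ESP, no NAT-T
    raw = [plain.outbound(h, server, ESP) for h in hosts]
    natt = ToyNat()    # ESP wrapped in UDP/4500 (NAT-T)
    enc = [natt.outbound(h, server, UDP, NAT_T_PORT, NAT_T_PORT) for h in hosts]
    return raw, enc, [natt.inbound(k)[0] for k in enc]
```

In this model the second raw-ESP flow to the same server is refused because its reply key is already owned by the first host, while the two UDP-encapsulated flows get distinct outside ports and both map back correctly.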