 From:  Richard Adams <podilarius at yahoo dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  m0n0wall, racoon and NAT Transversal
 Date:  Thu, 13 Oct 2005 09:43:28 -0700 (PDT)
I don't know if you guys did this by design, but I was searching for racoon and found that it can do
NAT Traversal. This is a compile-time option and can be found in the racoon.conf once it is
compiled in. Here is the excerpt from the racoon.conf man page.


nat_traversal (on | off | force);
                     This directive enables use of the NAT-Traversal IPsec
                     extension (NAT-T).  NAT-T allows one or both peers to
                     reside behind a NAT gateway (i.e., doing address- or
                     port-translation).  Presence of NAT gateways along the
                     path is discovered during phase 1 handshake and if found,
                     NAT-T is negotiated.  When NAT-T is in charge, all ESP
                     and AH packets of a given connection are encapsulated
                     into UDP datagrams (port 4500, by default).  Possible
                     values are:

                     on      NAT-T is used when a NAT gateway is detected
                             between the peers.
                     off     NAT-T is not proposed/accepted.  This is the
                     force   NAT-T is used regardless if a NAT is detected
                             between the peers or not.

                     Please note that NAT-T support is a compile-time option.
                     Although it is enabled in the source distribution by
                     default, it may not be available in your particular
                     build.  In that case you will get a warning when using
                     any NAT-T related config options.


This is all that is missing for me to use m0n0wall. It is a REALLY cool product.




