Hi!

Simon Buob schrieb:

[...]
> NO possible cause both Routers MUST support NAT-T - M0n0 doesn not.
> in other words. The Problem is not if the VPN Endpoint is on m0n0 or
> a host behind it. If there is at least one NAT Device both endpoints must
> support NAT-T.

Oh...
I don't know if I got this completely wrong... but:

home - m0n0wall - internet - draytek vpn router

I am at home behind my m0n0wall. I connect to my firm's draytek router
(some 2900...) daily via ipsec vpn... and it works well...

According to what you said, this should not work, since m0n0wall can't
do nat-t...

What's the point there?

And I do not understand, why m0n0wall will manipulate the packets... If
m0n0wall got a public WAN ip and acts as a vpn endpoint, it isn't
neccesary to do any nat there, is it?


Somehow still confused...

thanks for help!

bye,

Nico