I guess I don't understand why it doesn't work because we have a similar
setup where we can connect from behind our monowall to clients' monowalls
using the safenet ipsec vpn client software installed on a workstation.
We've since switched to automatic tunnels using our monowall, but we never
had any problems with safenet connecting. Maybe I don't understand the
issue?
jason
-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Thursday, March 09, 2006 4:48 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPSEC and NAT-T
On 3/9/06, Nicolai Scheer <scope at planetavent dot de> wrote:
>
> I am at home behind my m0n0wall. I connect to my firm's draytek router
> (some 2900...) daily via ipsec vpn... and it works well...
>
> According to what you said, this should not work, since m0n0wall can't
> do nat-t...
>
NAT-T applies to the device that terminates the IPsec connections. In this
case, the Draytek must support NAT-T, or what you describe wouldn't work.
If you replace the Draytek with a m0n0wall, that same setup wouldn't work.
When the client is behind NAT, the terminating device has to support NAT-T
(and have it enabled).
-Chris