[ previous ] [ next ] [ threads ]
 
 From:  Corren Vorwerk <list dash user at backenhoernchen dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT IPsec possible?
 Date:  Wed, 12 Apr 2006 21:31:13 +0200
Moin Joe!

Joe Lagreca schrieb am Dienstag, den 11. April 2006:

> It says in the m0n0 documentation "m0n0wall does not support
> NAT-Traversal (NAT-T) for IPsec, which means if any of your client
> machines are behind NAT, IPsec VPN will not work."
> 
> Is that only the case for workstation to m0n0, or also for m0n0 to
> m0n0 or in my case, m0n0 to netscreen?
> 
Workstations behind m0n0 can not establish IPSec VPN connections to
Computers outside the "wall". This is a limitation of BSD Kernel - as
far as i know.

> Specifically, at a remote location in a foreign country, we only have
> NAT'ed internet access, but would still like to create a VPN back to
> the main office.
> 
I don't know what you mean by that but as i said above it ist the
problem of m0n0wall. I may install a VPN between two m0n0walls ow
m0n0wall and netscreen with all pro and con.

I hope this will answer your question.

Corren

> If the m0n0's WAN has the NAT'ed IP, will IPsec not work?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
signature.asc (0.5 KB, application/pgp-signature)