thr3ads.net - Shorewall users - IPSec NAT-T woes [May 2005]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Claas Langbehn

2005-May-18 18:53 UTC

IPSec NAT-T woes

Hello,


I am using shorewall 2.2.3-1 and ipsec-tools-0.5.2 on the same machine.
My kernel 2.6.11.10 is patched as needed.
The server has an official IP-Adress (no NAT on this side), but some of 
the clients do use NAT.

I figured out that NAT-T connections (RFC 3947) did not work without the 
"generic:udp:4500" in /etc/shorewall/tunnels:

# Road-Warriors
ipsecnat                net     0.0.0.0/0       road
generic:udp:4500        net     0.0.0.0/0       road


regards
claas

Claas Langbehn

2005-May-18 20:24 UTC

head link

Re: IPSec NAT-T woes

Please discard my previous mail, as it is nonsense.
I was tricked by my system. I thought I was already
NAT''ed, but in fact I wasn''t. Racoon caused my
problems.

claas

Seemingly Similar Threads

ipsec - report of success
Re: IPsec problems with tunneled networks
Re: IPsec problems with tunneled networks
Re: VPN/ipsec naming of interfaces
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec

Search for more possibly parallel threads

Shorewall users - May 2005 - IPSec NAT-T woes

IPSec NAT-T woes

Re: IPSec NAT-T woes

Seemingly Similar Threads