Hello list: In booting up Bering 1.2, one of the messages in auth.log is: Jul 16 13:07:15 firewall pluto[25864]: including NAT-Traversal patch (Version0.5a) [disabled]
How does one enable NAT traversal -- and is it right for what I want to do (pretty sure it is but thought I would ask the list)? I am interested in allowing machines on a local internal net connect into a distant VPN. These machines are behind a Bering FW running NAT-- basically masquerading or Port Address translation. The local FW has a single static IP on the external interface (thru DSL). I am interested in running a road-warrior config on the distant firewall (also Bering 1.2) and connecting my client machine(s) through the local firewall. I have tried an identical w2000 client IP security policy behind the local firewall and in front of it. The behind case doesn't work, but the "in front" does. Ascii art: (won't work) Win2kclient --- local FW (NAT/PAT)-- internet -- distant FW (NAT/PAT+IPSEC) --- distant net |---- win2kclient (will work) Both win2000 clients are set up like the Bering user's guide, using ESP/MD5. I believe NAT traversal is specifically for ESP. I looked on the Freeswan user's list and found some kind of info about a different error message -- not sure if I need a recompiled Bering kernel...? The other alternative seems to be client patches and/or extra VPN client s/w to enable NAT traversal, which I believe puts the original IP inside a UDP packet. Rather not have to do this for all machines (i.e. Windoze, Macs, linux). For anyone interested, the one for Win 2000 is located at http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2 tpclient.asp Any help appreciated. TIA, Rick. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id040&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html