Is NAT traversal with OpenBSD IPsec possible?



Hi all!

I'm currently researching the use of OpenBSD as an IPsec gateway.

Is it possible to make the following work:

Client with IPsec software --->
     (static IP) NAT (dynamic IP) --->
            (static IP) OpenBSD (LAN) ??

The client needs to access the LAN on the other side of the OpenBSD
through an IPsec tunnel using the built-in support for IPsec in OpenBSD.

The client could be anything from Win98 to WinXP.

The NAT will typically be some sort of source port and source IP
translation done by DSL routers (Cisco or some other).

Can the OpenBSD IPsec implementation handle this kind of NAT'ing?

Will it work with the native IPsec support in Windows 2000 and Windows
XP?

What 3rd party software would you recommend for this scenario for the
clients, and how should it be done in terms of configuration, patches,
use of shared secrets or certificates etc?

If anybody actually has a working setup like the above, I'd like very
much to hear from them!

If having the dynamic IP address won't work, can it be done having a
static IP address on the outside of the NAT box?

Regards,
Henning