Hi, Quoting tefol tefol <[EMAIL PROTECTED]>:
> Is it possible to set up a VPN from a workstation using a VPN slinet (such > as SSH Sentinel) if that workstation is NAT'd? Yes, it's possible if your VPN client (such as SSH Sentinel) has "NAT Traversal" feature and IPSec remote device supports also this feature. IPsec Nat-Traversal use encapsulation of ESP in UDP packets. It allows ESP packets to pass NATing device without problems. > SSH Sentinel has sa check box saying tick this for this function, but only > if the device the client is connecting to supports the feature. From all I > can see, isakmpd doesn't support this feature. Yes, isakmpd doesn't support IPSec NAT-Traversal because of patents problems. At the present time, OpenBSD dev team does not want support this feature :-( But Freeswan on Linux supports this feature with a specific patch (see http://open-source.arkoon.net or SuperFreeswan on http://ww.freeswan.ca). A++ Foxy. -- Laurent Cheylus <[EMAIL PROTECTED]> OpenPGP ID 0x5B766EC2
