On Fri, 2004-05-14 at 13:29, Tim White wrote:
> I know that you need to ensure that the NAT doesn't change the Port
> Number for the UDP, IIRC it's port 500 for src and destination. You also
> cannot use the AH part of IPSec, because that puts a checksum on the
> packet - which obviously changes as the packet goes through the NAT.
>
> So,
> 1) Make sure that the NAT keeps src & dst port for the UDP packets
> 2) Make sure that you are only using ESP and not AH+ESP.

The modem wasn't preserving port 500 as the source so I've fixed that. I've also checked that Freeswan is not using ESP+AH and it's only using the default of ESP so that should be okay. Now, I just need to sit and wait until the other party is home to try again. The speedtouch docos certainly indicate that outbound VPN connections should be fine so that will probably fix the problem.

-- 
Simon Wong <[EMAIL PROTECTED]>
Wongy.org

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
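
Added example, not part of the original message: a simplified Python model of the AH point discussed above, showing that an AH integrity value covers the outer source address and so fails after source NAT, while the ESP integrity value covers only the ESP data and survives. The packet layout, key, addresses and function names are constructed for illustration, and ESP encryption is not modelled.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed; real SAs get their keys from IKE


def ip_immutable(src, dst, proto, body_len):
    """Outer IPv4 fields AH authenticates (mutable ones such as TTL are left out)."""
    return struct.pack("!BH4s4s", proto, body_len,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def icv(data):
    """HMAC-SHA1 truncated to 96 bits (HMAC-SHA1-96)."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]


def covered_bytes(mode, src, dst, proto, body):
    # ESP authenticates only its own header and payload; AH adds the outer IP fields.
    if mode == "esp":
        return body
    return ip_immutable(src, dst, proto, len(body)) + body


def build(mode, src, dst, spi, seq, payload):
    """Build a simplified packet protected with 'ah' (proto 51) or 'esp' (proto 50)."""
    proto = 51 if mode == "ah" else 50
    body = struct.pack("!II", spi, seq) + payload
    return {"mode": mode, "src": src, "dst": dst, "proto": proto, "body": body,
            "icv": icv(covered_bytes(mode, src, dst, proto, body))}


def nat(packet, public_src):
    """Source NAT: rewrite only the outer source address."""
    return dict(packet, src=public_src)


def verify(p):
    expected = icv(covered_bytes(p["mode"], p["src"], p["dst"], p["proto"], p["body"]))
    return hmac.compare_digest(expected, p["icv"])


def demo():
    """Return {mode: (valid before NAT, valid after NAT)} for constructed packets."""
    out = {}
    for mode in ("ah", "esp"):
        pkt = build(mode, "192.168.1.10", "203.0.113.5", 0x1000, 1, b"constructed payload")
        out[mode] = (verify(pkt), verify(nat(pkt, "198.51.100.7")))
    return out


if __name__ == "__main__":
    print(demo())
```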
