Tommaso Di Donato wrote:

Maybe I did not explain myself very well: ipsec natively does not permit bypassing a NAT gateway. So a few solutions have been adopted; one of them is NAT-T (that is, ipsec over UDP). I do not mean that it is pfsense that must do this: generally it is the OS ipsec implementation that takes it into account (during the very first exchanges between the two parties, and so on). I would only like to know if racoon (I think racoon is the one that manages ipsec VPNs) uses NAT-T or another mechanism for bypassing the NAT limitation...


In the case of VPNs that are terminated on pfsense boxes, it is racoon, and very recently a kernel patch was added to test NAT-T support with ipsec-tools. I'm not sure if it's even made it into a public release yet. It'll be there soon if not, but needs testing.