On Tue, 29 Sep 2015 12:30:14 -0400 (EDT) Paul Wouters <[email protected]> wrote:
> > I’m currently trying to setup a VPN through L2TP over IPsec, I have > > a question regarding NAT compatibility (I haven’t found the answer > > neither your website nor in you wiki). With the latest release of > > Libreswan (3.15), is it necessary to create a connection especially > > for NAT like the first one below? > > I'm not sure. It _should_ work with rightsubnet=vhost:%priv,%no but > there were problems with that and people did often use two conns/ Two conns are still needed. That's because we exclude virtual_private excluded subnets without checking if connection is behind nat or not. -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/> _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
