[ale] VPN Protocol Question
Michael H. Warfield
mhw at WittsEnd.com
Thu Apr 16 12:56:32 EDT 2009
On Wed, 2009-04-15 at 15:40 -0400, Kenneth Ratliff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Apr 15, 2009, at 3:22 PM, Andrew Grieser wrote:
> >
> > The VPN server will be on a pfSense box that also does the
> > following: router, firewall, DHCP server, and DNSmasq.
> > The VPN server will have a "real" IP address (ie: no NAT), but as I
> > client I expect to be on networks using NAT at least some of the
> > time. If I am understanding the protocols, I believe this rules out
> > IPSec. Is this true?
> The use of NAT does not automatically rule out IPSec, but the use of
> pfSense does. pfSense doesn't support NAT-T (NAT Transversal, which is
> basically just encapsulating the IPSec packet in a UDP packet), unless
> that's changed recently.
This would seem to indicate that pfSense supports NAT-T as of 1.3
http://blog.pfsense.org/?p=211
===
Completed Work
:
10. NAT-Traversal (NAT-T)
===
Looks like somewhere around mid 2008 there.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20090416/28bf89b4/attachment.bin
More information about the Ale
mailing list