On Tue, 11 Mar 2003, Erik Anderson wrote:
> Can the client be hidden behind a NAT firewall w/ a public IP?

Not easily -- it is possible to implement some hacks on the FreeS/WAN side
to make it work. Basically, you can do the following:

conn roadwarrior
    left=%defaultroute
    right=%any
    rightsubnet=%priv

..which will allow any box that has its internal IP address set to an
RFC1918 address to connect. This assumes, of course, that the NAT box
understands IPSec properly.

Oh, you need the NAT-Traversal patches for this to work.

--
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                  | Fax   : (952)943-8500

_______________________________________________
Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list