On Tue, 11 Mar 2003, Erik Anderson wrote:
> Can the client be hidden behind a NAT firewall w/ a public IP?

Not easily -- it is possible to implement some hacks on the FreeS/WAN side
to make it work. Basically, you can do the following:

conn roadwarrior
	left=%defaultroute
	right=%any
	rightsubnet=%priv

...which will allow any box that has its internal IP address set to an
RFC1918 address to connect. This assumes, of course, that the NAT box
understands IPSec properly.

Oh, you need the NAT-Traversal patches for this to work.

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500



_______________________________________________
Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list