Linux firewall + NAT Traversal + IPsec

Taylor, Grant gtaylor at
Fri Apr 8 21:35:21 CEST 2005

If I understood John correctly, he is wanting to use his Linux IPSec firewall
/ NAT router as one end of the IPSec VPN tunnel.  If that is indeed the case
then yes, Linux can be configured to do so.  You will need to look at
FreeS/WAN (dying / defunct (as I know it)) and / or OpenS/WAN (alive and
kicking very strongly).  There are some interoperability incompatibilities
between different IPSec implementations between FreeS/WAN / OpenS/WAN and
other vendors' IPSec VPN products.  I personally know that I have gotten
OpenS/WAN (version unknown at the moment) to work with Linksys BFEVP41
(first version) routers as long as I keep a ping flowing through the VPN.

Grant. . . .

> As far as I know, you would not need anything on the Linux box.
> It will all depend on whether the clients and server IPSEC implementation
> support IPSEC NAT T(raversal).
> Microsoft's IPSEC implementation does. But has some drawbacks.
