
[Users] Re: [Design] mast(4)

From: John S. Denker <jsd(at)monmouth.com>
Date: Fri Mar 14 2003 - 14:11:42 EST

On Fri, 14 Mar 2003, I wrote:

 >http://www.monmouth.com/~jsd/vpn/ipsec+routing/mast.htm#sec-transport-pvt

On 03/14/2003 01:57 PM, Jim Carter wrote:

> Interesting discussion. When eventually implemented, this looks like
> the solution to my problem of a road warrior behind a closed source
> NAT box (residential or hotel gateway), where different hotels give
> different peers the same "wild-side" address such as 192.168.0.1.

I doubt that's the solution to this problem. Your base station will never utter any such address. Your base station will utter the address of the hotel's NAT box.

> However, I'm wondering if transport mode (vs. tunnel mode) will
> support packets intended to leave the secure gateway

What means secure gateway? The only gateway I see mentioned so far is the hotel NAT box, which doesn't contribute anything to IPsec security.

> -- I got the impression that it wouldn't. In the paradigm case, the
> road warrior's default route is down the tunnel/transport, and the
> gateway routes his packets to the global internet (doing NAT on the
> way out), and it then sends reverse-NATted returning packets down the
> correct tunnel despite the non-unique IP addresses on the various
> hotels' internal nets.

Isn't this just the usual IPsec NAT-traversal situation?

> I think the "just" clause got corrupted.

Fixed now. Thanks.

  • jsd

Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Fri Mar 14 17:19:11 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:00:50 EDT

