> Geoff Galitz wrote: >> >> Openswan is your friend. I have it running (under OpenSUSE) and it is >> quite easy. I tend to favor IPsec over SSL as I don't like to have >> openssl as a dependancy. >> >> http://www.openswan.org > > On the other hand, if you don't have a strict requirement for IPsec, it is > much > easier to get the udp or tcp packets that work for openvpn through NAT and > port-forwarding routers. > True for port fowarding, but current versions of Openswan (that is, currently available in most public repos) work just fine with NAT. I am using it in NAT environment and I did not have to make NAT/Masquerading adjustments. This was not always the case, and the Openswan docs still refer to adjustments for NAT networks... but as I said it works just fine for us without adjustments. -geoff ------------------------------ Geoff Galitz Blankenheim, DE http://www.galitz.org