You may be able to get manually keyed ESP in tunnel mode to work, but that's suboptimal from a management and security perspective.
Saw websites that recommend this configuration, but it won't work for me as well.
The other thing that some people think of as a solution to this problem is called NAT traversal. There's a patch to FreeS/WAN that enables it. It's pretty much a dirty hack, if you ask me, much like NAT is a dirty hack, too.
Yep, this could be the solution. Already found this NAT-T patch. Any experiences???
Are you forced to have NAT take place on that outer router?
??? It's not my router and they had enabled NAT as a kind of "security" :O)
Cheers, Tobias
Thx a lot Michael PS: I read something about your secunet on tickers. freeS/wan ipsec for the certified by RegTP boxes? Nice!