<html>
<head>
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";
color:windowtext;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";
color:#080000;}
span.EmailStyle17
{color:black;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<style>
p.MsoNormal
{margin-left:18.75pt;}
</style>
</head>
<body lang=EN-US link=blue vlink=purple style='margin-left:18.75pt;margin-top:
18.75pt'>
<div class=Section1>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>Hi,</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>I’m not sure if this is an openswan
or iptables issue, but just in case I’ll ask.</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>My peer is a Linux 2.6 running openswan
with public ip.</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>My internal network is 10.1.1.0/24 but the
client wants me to nat it using 192.168.50.51</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>I’m trying to connect to a client
who uses Cisco concentrator behind NAT (192.168.65.10).</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'> </span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>The connection works fine. On both sides
we see the tunnel up. The only problem is that no traffic is going through.</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>Using tcpdump I see that the traffic is
not being encrypted. It’s going through my external interface (eth1) but
it’s not going throught the tunnel.</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'> </span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>Is there a way that instead of using iptables
POSTROUTING to nat my private network, to use something else?</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'> </span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'> </span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>This is my config:</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>conn tw2</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
type=tunnel</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
authby=secret</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
right=mypublicip</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
rightnexthop=myrouter</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
auto=start</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
left=client’spublicip</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
leftid=192.168.65.10</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
leftsubnet=ip I’m trying to hit/32</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
pfs=no</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
keyingtries=0</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
keyexchange=ike</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
auth=esp</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
keylife=1440m</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
esp=3des-md5</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
ike=3des-md5</span></font></p>
<p class=MsoNormal style='margin-left:18.75pt'><font size=3 color=black
face="Times New Roman"><span style='font-size:12.0pt;color:black'>
rightsubnet=192.168.50.51/32</span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'> </span></font></p>
<p class=MsoNormal><font size=3 color="#ff6633" face=Arial><span
style='font-size:12.0pt;font-family:Arial;color:#FF6633'> </span></font></p>
</div>
<span id="_AthCaret"></span>
</body>
</html>