<div dir="ltr">Hi,<div><br></div><div>I have the following setup:</div><div><br></div><div>Side A (me):</div><div>Local ip: 172.x.x.x</div><div>Public ip: z.z.z.z</div><div><br></div><div>Side B (them):</div><div>Remote ip: y.y.y.y</div>
<div><br></div><div>They have assigned me address 10.131.x.x which I must NAT all traffic through to get to server ip 131.x.x.x. My server only has one network interface (eth0, with address 172.x.x.x)</div><div><br></div>
<div>So this is my configuration:</div><div><br></div><div><div>conn vpn</div><div> authby=secret</div><div> forceencaps=yes</div><div> auto=start</div><div> left=%defaultroute</div><div> leftid=z.z.z.z</div>
<div> leftsourceip=z.z.z.z</div><div> leftsubnet=10.131.x.x/32</div><div> right=y.y.y.y</div><div> rightid=y.y.y.y</div><div> rightsubnet=10.172.x.x/32</div><div> phase2alg=aes256-sha1</div>
<div> pfs=no</div></div><div><br></div><div>The VPN tunnel is established:</div><div><br></div><div><div>000 "vpn": 10.131.x.x/32===172.x.x.x[z.z.z.z]...y.y.y.y<y.y.y.y>===10.172.x.x/32; erouted; eroute owner: #3</div>
<div>000 "vpn": myip=z.z.z.z; hisip=unset;</div><div>000 "vpn": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0</div><div>000 "vpn": policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: eth0;</div>
<div>000 "vpn": newest ISAKMP SA: #1; newest IPsec SA: #3;</div><div>000 "vpn": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024</div><div>000 "vpn": ESP algorithms wanted: AES(12)_256-SHA1(2)_000; flags=-strict</div>
<div>000 "vpn": ESP algorithms loaded: AES(12)_256-SHA1(2)_160</div><div>000 "vpn": ESP algorithm newest: AES_256-HMAC_SHA1; pfsgroup=<N/A></div><div>000</div><div>000 #3: "vpn":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27560s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate</div>
<div>000 #3: "vpn" esp.86884638@y.y.y.y <a href="mailto:esp.a7324109@172.31.2.203">esp.a7324109@172.31.2.203</a> tun.0@y.y.y.y tun.0@172.31.x.x ref=0 refhim=4294901761</div><div>000 #1: "vpn":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2076s; newest ISAKMP; lastdpd=4s(seq in:0 out:0); idle; import:admin initiate</div>
</div><div><br></div><div><br></div><div>Now I must access server ip 131.x.x.x but NAT it through our assigned ip address 1.131.x.x.</div><div><br></div><div>How can I do that?</div><div><br></div><div>Thanks.</div><div><br>
</div><div> - Morten.</div></div>