[Openswan Users] 26sec

Alexander Samad alex at samad.com.au
Wed Feb 4 08:09:17 CET 2004


My current understanding is there is a problem with netfilter and the
26sec (or native ipsec stack in 2.4).  The hooks are in the wrong

I under the right circumstance want to do snat + dnat before encrypt.
and then I might want to do snat + dnat on the encryption.  The current
26sec stack doesn't allow for this.  Although the work around seems to
be to create more policy matche the un-nat'ed policies.

I also not there is a debian directory in the tar ball, is this a hang
over from freeswan or ???

I would prefere to package than make && make install


On Tue, Feb 03, 2004 at 10:16:50PM +0200, Tuomo Soini wrote:
> Michael Richardson wrote:
> >If you want to do NAT before a tunnel, then you'll have to use KLIPS.
> >It does not build on 2.6, but it will soon.
> I think you are wrong here. If you _don't_ want to snat before tunnel 
> you have to set exceptions with 26sec.
> -- 
> Tuomo Soini <tis at foobar.fi>
> Linux and network services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users

More information about the Users mailing list