[Openswan Users] 26sec

Tuomo Soini tis at foobar.fi
Thu Feb 5 15:53:05 CET 2004

Michael Richardson wrote:

>   There are people who want to do NAT going into the tunnel, which it is
> my understanding can not be done, because POSTROUTING is run after the
> tunnel encapsulation.

Nope. Problem is that all traffic is SNAT:ed. because packet goes via 
POSTROUTING first without ipsec and then encapsulated. And first time it 
gets SNAT:ed.

More information about the Users mailing list