[Openswan Users] Help:NAT and superfreeswan on the same gateway!!!

Paul Wouters paul at xtdnet.nl
Sun Feb 15 17:02:49 CET 2004

On Sun, 15 Feb 2004, swcims wrote:

> 	I tried to set up Ipsec tunnel with two super-fs gateway, it seemed that IPSEC SA established,but only one lan side can ping to another lan side through the tunnel.I was completely confused by this config.I think, the main cause would be that super-fs gateway1 enabled NAT.
> -----------     --------------------------       -------------------------     -------------------       ----------
> ||-----||------||----||----| |
> -----------     --(eth0)-------(eth1)----       --(eth0)-------(eth1)----      --(eth0)---(eth1)----     ----------
> 	PC1              super-fs gateway1              gateway-middle                 super-fs gateway2        PC2
> 	super-fs gateway1 worked as a soho router,so need to enable NAT:"iptables -t nat -A POSTROUTING -s -j SNAT --to" ,and set /proc/sys/net/ipv4/ip_forward to "1".And the ipsec.conf is:

You need to exclude NATing to (and in the other direction). add -d \! to the above nat rule, and add the reverse
for the other gateway, eg -d \!


More information about the Users mailing list