[Openswan Users] SNAT with 26sec and openswan 2.2.0/kernel 2.6.6

Fabien Tivolle fabien.tivolle at phdmedical.com
Fri Nov 19 15:40:14 CET 2004


Hello,

I have spent a few hours getting this to work, so to save time for people
like me:

I needed to do some SNAT and traffic routing with an OpenSwan GW and
several RW connected with IPsec. 
The iptables rules did not work at first with my setup:
openswan2.2.0/kernel 2.6.8.

It seems that netfilter and IPsec are not playing well together in the
stock kernel.

Netfilter does provide some patches to get this to work.
So get this patch from the netfilter page:
patch-o-matic-ng-20040621.tar.bz2

Apply the following patches to a 2.6.6 kernel (it will not work with
2.6.8!):
nf_reset
ipsec-01-output-hooks  
ipsec-02-input-hooks  
ipsec-03-policy-lookup  
ipsec-04-policy-checks  

Compile and then you will get SNAT working.

Maybe I have missed a simpler solution... But I am just sharing and
summing up what I have found ;)
Fabien


