[Openswan Users] SNAT with 26sec an openswan 2.2.0/kernel 2.6.6
Fabien Tivolle
fabien.tivolle at phdmedical.com
Fri Nov 19 15:40:14 CET 2004
Hello,
I have spent a few hours to get this to work, so to save time for people
like me:
I needed to do some SNAT and traffic routing with an OpenSwan GW and
several RW connected with IPsec.
The iptables rules did not work at first with my setup:
openswan2.2.0/kernel 2.6.8.
It seems that netfilter and IPsec are not playing well togheter in the
stock kernel.
The Netfilter do provide some patchs to get this to work:
So get this patch on the netfilter page
patch-o-matic-ng-20040621.tar.bz2
Apply the following patchs to a 2.6.6 Kernel (it will not work with
2.6.8!):
nf_reset
ipsec-01-output-hooks
ipsec-02-input-hooks
ipsec-03-policy-lookup
ipsec-04-policy-checks
Compile and then you will get SNAT working.
May be I have missed a simpler solution... But I am just sharing and
suming up what I have found ;)
Fabien
More information about the Users
mailing list