[Openswan Users] How do I make "hideNat" on Linux/openswan?

Steinmetz, Heiko Heiko.Steinmetz at ips-software.de
Mon Aug 8 15:18:17 CEST 2005


Hello,

I have the following problem:
I want to establish a VPN connection between two sites, and one site must be hidden.
This is a one-sided VPN connection.

 Net (192.168.0.0/24) <--> FW(VPN openswan, 4.3.2.1) <-- Internet --> FW Partner (1.2.3.4) <--> Foreign Net (10.0.0.0/24)

Our firewall must be hideNat'ed to IP address 10.10.10.47/32. The foreign net doesn't see the net 192.168.0.0/24.

How do I make our config file?

conn netme-to-netpartner
        # Left security gateway, subnet behind it, next hop toward left.
        left=4.3.2.1
        leftsubnet=192.168.0.0/24
        leftnexthop=%defaultroute
        # Right security gateway, subnet behind it, next hop toward right.
        right=1.2.3.4
        rightid=10.20.0.1
        rightsubnet=10.0.0.0/24
        authby=secret
        pfs=no
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=start

The tunnel is established successfully, but I can't route anything, since we hideNat to 10.10.10.47/32.

How do I make "hideNat" on Linux/openswan?

Thanks,
Heiko

