[Openswan Users] Tunnel Nated traffic HELP!

teddy B boustany_t at hotmail.com
Fri Dec 23 07:32:52 CET 2005

Hi all,
I would like to know if there's a special configuration to allow NATed 
traffic to be tunneled?
The thing is that I want to set up an IPsec tunnel between 2 networks having 
overlapping subnets.

I have the following setup:
      net1 (FTP server published)
Fake net1 (nat rule)
Ipsec tunnel
Ipsec Tunnel
Fake net2( nat rule)
     net2 (WWW server published)

Net1 gateway is a W3K with RRAS and an IPsec policy.
Net2 gateway is Red Hat 2.6.9 with Openswan 2.4.4.

First: I tried my setup without the fake networks and with non-overlapping 
networks; it worked just fine.
Second: I did my setup with the fake networks but without the IPsec tunnel 
(simple routing); it worked also.
Third: now when I set up my IPsec tunnel it goes up (main mode SA 
established, quick mode SA established) but net2 cannot access the FTP 
server on the Windows side.
When I sniffed my network I found that the request is reaching the FTP 
server but the reply of the server is stuck in the IPsec interface on the 
Linux side.

I hope I was clear enough in describing my setup.
Below is my ipsec.conf configuration.

conn linux2win
    leftsubnet= #fake net
    rightsubnet=  #fake net

Thanks for any help and Merry Xmas
