[Openswan Users] Tunnel Nated traffic HELP!
teddy B
boustany_t at hotmail.com
Fri Dec 23 07:32:52 CET 2005
Hi all,
I would like to know if there's a special configuration to allow NATed
traffic to be tunneled?
The thing is that I want to set up an IPsec tunnel between 2 networks having
overlapping subnets.
I have the following setup:
net1
172.16.0.0/24 (FTP server published)
|
Fake net1 (nat rule)
172.16.100.0/24
|
Ipsec tunnel
11.11.11.1/24
|
11.11.11.2/24
Ipsec Tunnel
|
Fake net2 (nat rule)
172.16.101.0/24
|
net2
172.16.0.0/24 (WWW server published)
Net1 gateway is a W3K with RRAS and IPSEC Policy.
Net2 gateway is redhat 2.6.9 with openswan 2.4.4.
First: I tried my setup without the fake networks and with non-overlapping
networks; it worked just fine.
Second: I did my setup with the fake networks but without the IPsec tunnel
(simple routing); it worked also.
Third: now when I set up my IPsec tunnel it goes up (main mode SA
established, quick mode SA established), but net2 cannot access the FTP
server on the Windows side.
When I sniffed my network I found that the request is reaching the FTP
server, but the reply of the server is stuck in the ipsec interface on the
Linux side.
I hope I was clear enough in describing my setup.
Below is my ipsec.conf configuration.
conn linux2win
    type=tunnel
    authby=secret
    left=11.11.11.2
    leftsubnet=172.16.101.0/24 #fake net
    leftnexthop=11.11.11.1
    right=11.11.11.1
    rightsubnet=172.16.100.0/24 #fake net
    rightnexthop=11.11.11.2
    auto=add
Thanks for any help and Merry Xmas