[Openswan Users] Tunnel Nated traffic HELP!

Norman Rasmussen norman at rasmussen.co.za
Fri Dec 23 18:43:29 CET 2005


On 12/23/05, Paul Wouters <paul at xelerance.com> wrote:
> On Fri, 23 Dec 2005, teddy B wrote:
>
> > I would like to know if there's a special configuration to allow NATed traffic
> > to be tunneled?
> > The problem is that I want to set up an IPsec tunnel between 2 networks having overlapping
> > subnets.
> >
> > I have the following setup
> >      net1
> > 172.16.0.0/24 (FTP server published)
> >        |
> > Fake net1 (nat rule)
> > 172.16.100.0/24
> >        |
> > Ipsec tunnel
> > 11.11.11.1/24
> >        |
> > 11.11.11.2/24
> > Ipsec Tunnel
> >        |
> > Fake net2( nat rule)
> > 172.16.101.0/24
> >        |
> >     net2
> > 172.16.0.0/24 (WWW server published)
>
> That is currently not (yet) supported.
> A workaround is to assign another network range on one end and
> use that, perhaps with a portforward to make it fully transparent.
>
> Paul

Is it maybe an FTP problem? Try plain HTTP first. FYI: FTP needs NAT
helpers loaded.

You could probably get it working by putting the Nat-Faking and the
IPSEC on two separate machines.

Additionally you might try Nat-Faking at one end only, you might find
that w3k and openswan do things differently, and if you're lucky it
might just work 'one way around' only.

--
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/

