[Openswan Users] Lost packets after DNAT
George Adams
georgebadams at yahoo.com.au
Fri Feb 25 18:57:23 CET 2005
Hi,
we have moved a server (192.168.2.137) from the local
subnet where our VPN server is to another subnet 1 hop
away (192.168.208.0). Given the following connection
description from "FreeS/WAN IPSec version:
super-freeswan-1.99.7" how can I get DNAT to work so
that the client end is not changed (I don't have
access)?
keyingtries=0
auto=start
type=tunnel
authby=secret
pfs=no
leftid=xx.xx.xx.xx
left=xx.xx.xx.xx
leftsubnet=192.168.2.0/24
right=yy.yy.yy.yy
rightsubnet=10.0.62.0/24
ike=3des-md5-modp1024
ikelifetime=8h
keylife=24h
The DNAT appears to work, partly:
Chain PREROUTING (policy ACCEPT 14M packets, 4021M bytes)
 pkts bytes target prot opt in     out source        destination
  185  7400 DNAT   all  --  ipsec0 *   10.0.62.0/24  192.168.2.137  to:192.168.208.137
but I don't see anything at the internal interface or
server end. Also I am getting martians logged on the
ipsec interface. E.g.:
kernel: martian source 192.168.208.137 from 10.0.62.6, on dev ipsec0
What is going on? Am I going about this the wrong way?
George.