[Openswan Users] OpenSWAN VPN only kinda working
Jeff Williams
jwilliams at digitalfairway.com
Wed Jan 5 08:23:29 CET 2005
Hello,
I believe I am NATing ipsec packets but nothing I have tried will stop
the NATing of IPSec packets. The problem I have is how to fix the
situation if possible.
There is this comment in the Design-Related Issues of Openswan:
* Using SNAT and the 2.6 ipsec code apparently doesn't go well together.
Reported by Alexander Samad. Known issue for the netfilter team. DNAT
works as usual, meaning you have to exclude DNAT'ing packets meant for
a tunnel.
But I am not sure exactly how it affects me and how to get around it. I am searching through the netfilter stuff next to see if they provide something that may resolve the issue.
Thanks, Jeff
Paul Wouters wrote:
> On Tue, 4 Jan 2005, Jeff Williams wrote:
>
>> *nat
>> -A POSTROUTING -o eth0 -j SNAT --to 207.164.133.170
>> #-A POSTROUTING -o eth0 -j MASQUERADE
>> -A PREROUTING -m tcp -p tcp -i eth0 --dport 993 -j DNAT --to-destination 192.168.100.10
>
>
> You are NAT'ing ipsec packets, causing them to be invalid and dropped?
>
> And no, I have no idea why 'worked before' with freeswan, it shouldn't
> have.
>
> Paul
>
>
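A check for the situation discussed in this thread, as an added example that is not part of the original messages or of Openswan: it reads a ruleset in iptables-save format and reports whether a POSTROUTING SNAT/MASQUERADE rule would rewrite packets headed for a tunnel's remote subnet before any rule exempts them. The remote subnet 192.168.200.0/24, the two exemption variants and the function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed input in iptables-save format. The SNAT/MASQUERADE/DNAT lines are the
# rules quoted in the thread; 192.168.200.0/24 is a hypothetical remote tunnel subnet.
THREAD_RULES = """*nat
-A POSTROUTING -o eth0 -j SNAT --to 207.164.133.170
#-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -m tcp -p tcp -i eth0 --dport 993 -j DNAT --to-destination 192.168.100.10
COMMIT
"""
SNAT = "-A POSTROUTING -o eth0 -j SNAT --to 207.164.133.170"
EXEMPT_FIRST = THREAD_RULES.replace(SNAT, "-A POSTROUTING -o eth0 -d 192.168.200.0/24 -j ACCEPT\n" + SNAT)
NEGATED = THREAD_RULES.replace("-o eth0 -j SNAT", "-o eth0 ! -d 192.168.200.0/24 -j SNAT")


def _find(tok, *names):
    """Index of the first of `names` present in tok, or -1."""
    return next((tok.index(n) for n in names if n in tok), -1)


def first_nat_hit(ruleset, remote_subnet, out_if="eth0"):
    """Return the POSTROUTING SNAT/MASQUERADE rule that rewrites packets bound for
    remote_subnet, or None if an earlier rule exempts them. Only -o and -d matches
    are evaluated; other matches (-s, -p, -m ...) are ignored."""
    remote = ipaddress.ip_network(remote_subnet)
    in_nat = False
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            in_nat = line == "*nat"
        if not in_nat or not line.startswith("-A POSTROUTING"):
            continue
        tok = shlex.split(line)
        o, d, j = _find(tok, "-o", "--out-interface"), _find(tok, "-d", "--destination"), _find(tok, "-j", "--jump")
        if o >= 0 and tok[o + 1] != out_if:
            continue  # rule applies to a different outgoing interface
        target = tok[j + 1] if j >= 0 else None
        whole = part = True  # no -d: rule matches every destination
        if d >= 0:
            net = ipaddress.ip_network(tok[d + 1], strict=False)
            whole, part = remote.subnet_of(net), remote.overlaps(net)
            if tok[d - 1] == "!":  # negated match: everything except net
                whole, part = not part, not whole
        if target in ("SNAT", "MASQUERADE") and part:
            return line  # tunnel-bound packets are rewritten here
        if target in ("ACCEPT", "RETURN") and whole:
            return None  # tunnel traffic leaves the chain before any NAT rule
    return None
```

Run against the rules quoted in the thread, `first_nat_hit(THREAD_RULES, "192.168.200.0/24")` returns the SNAT rule; with either exemption variant in place it returns `None`.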