[Openswan Users] Please confirm: kernel 2.6, openswan, iptables + Masquerade do not work together

Jorge Daniel Sequeira Matias martin at andorinha.ist.utl.pt
Mon May 16 12:41:27 CEST 2005


  I have the same problem using Racoon. It seems to be a bug in kernel v2.6.
  SNAT was being applied to the traffic that I was receiving from eth0 in
IPSec and that was being forwarded to eth1. It works in this direction, but
when the reply packets come from eth1 they were not unNATed. The packets were
being lost inside the kernel.
  The weird thing is, if you leave a "ping" running from the outside (coming
from a computer on the outside - eth0) you will note that sometimes the
kernel v2.6 works for a few seconds.
  Tried with Kernel 2.6.10. I don't know if this is already solved with recent
versions of the kernel.

Regards,
Jorge Matias




----- Original Message ----- 
From: "Markus Feilner" <lists at feilner-it.net>
To: <users at openswan.org>
Sent: Monday, May 16, 2005 11:31 AM
Subject: [Openswan Users] Please confirm: kernel 2.6, openswan, iptables +
Masquerade do not work together


Hello List,
Is it correct that on kernel 2.6, openswan and iptables Masquerading do
not work together? I read about SNAT problems ...
Is there a workaround or do I have to change the hardware ... :-(
My IPSEC partner wants me to do Masquerading on my ipsec connection, so
that all traffic to his hosts seems to come from my public IP.
Thanks!
-- 
Kind regards
Markus Feilner
---------------------------
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4 93047 Regensburg
phone +49 941 9465243 fax +49 941 9465244 mobile + +49 170 3027092
mail mfeilner at feilner-it.net web http://www.feilner-it.net
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users