[Openswan Users] Please confirm: kernel 2.6, openswan, iptables + Masquerade do not work together

Paul Wouters paul at xelerance.com
Mon May 16 15:43:46 CEST 2005


On Mon, 16 May 2005, Markus Feilner wrote:

> Is it correct that on kernel 2.6, openswan and iptables  Masquerading do
> not work together ? I read about SNAT Problems ...
> Ist there a workaroung or do I have to change the hardware ... :-(
> My IPSEC Partner wants me to do Masquerading on my ipsec connection, so
> that all traffic to his hosts seem to come from my public IP.

that's more or less correct. There are patches floating, I believe in the
SuSe kernel tree and in the netfilter patch-o-matic, that might work for
you, but it will require you running very bleeding edge 2.6 kernels.

Perhaps using a 2.4 machines with KLIPS is a better solution for you?

Paul


More information about the Users mailing list