[Openswan Users] SNAT before ipsec tunnel

Chris Picton chrisp at tangent.co.za
Tue Sep 20 15:42:54 CEST 2005


Hi all

I am using a RHEL3 server as a gateway on my home network, connecting to
a RH7.3 server at my work network.

From machines at home, I want to be able to connect to machines on the
internal network at work.

I have the following connections defined:

At Home (machine boojum RHEL3 26sec)
----------
conn kerberos-net
        rightsubnet=192.168.10.0/24
        also=kerberos

conn kerberos
        left=%defaultroute
        right=dns.of.server.at.work
	[ with the keys removed here ]

At Work (machine kerberos RH7.3 KLIPS)
--------
conn roadwarrior-net
        leftsubnet=192.168.10.0/24
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        right=%any
	[ again, removing the keys here ]

The connections are established fine, and from boojum, I can ping
kerberos and hosts on the 192.168.10.0/24 range.

Any connections out of my internet device on boojum are being
MASQUERADED (as I get a dynamic IP).

When I try ping from a machine on my home lan to the 192.168.10.0 range,
a tcpdump on boojum shows the packets being routed directly out on to
the internet, and not via the ipsec tunnel.

Some research has pointed me to a post dated Apr 18, 2004.
> There is a patch in the pom-ng to handle this.
> SNAT and IPSEC + 2.6 doesn't work with out this patch.

Is this the solution I should be looking for?  Which patch would I use?
Is this post outdated, and are there are now better solutions?

Any help would be appreciated.

Chris
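Added example, not part of Chris's post or of Openswan: the usual way to keep NAT off tunnel-bound traffic on a 26sec gateway is to place an exemption for the remote subnet in the nat POSTROUTING chain ahead of the blanket MASQUERADE rule, so the LAN packet keeps its original source address and can match the tunnel's policy selector. It assumes, as placeholders, that the home LAN behind boojum is 192.168.1.0/24, that the internet interface is eth0, and that the kerberos-net conn also carries a leftsubnet covering that LAN (the post's conn has none); the work subnet 192.168.10.0/24 is from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Placeholder values:
# home LAN 192.168.1.0/24, internet interface eth0; 192.168.10.0/24 is the
# work subnet from the post. Rules are printed, not applied, so this can be
# reviewed before running it as root.

# Print the nat POSTROUTING rules in the order that matters: the exemption
# for traffic headed into the tunnel must come before MASQUERADE, because
# iptables stops at the first matching target in the chain.
emit_nat_rules() {
    lan=$1 remote=$2 wan=$3
    printf 'iptables -t nat -A POSTROUTING -s %s -d %s -j ACCEPT\n' "$lan" "$remote"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$wan"
}

# Check an iptables-save dump read from stdin: exit 0 only if an ACCEPT or
# RETURN rule for the remote subnet precedes every MASQUERADE rule in the
# nat POSTROUTING chain, exit 1 otherwise (the misordering that lets LAN
# packets leave masqueraded and unencapsulated).
check_rule_order() {
    remote=$1
    awk -v remote="$remote" '
        /^\*nat/  { innat = 1 }
        /^COMMIT/ { innat = 0 }
        innat && /^-A POSTROUTING/ {
            if (index($0, "-d " remote) && ($0 ~ /-j ACCEPT/ || $0 ~ /-j RETURN/))
                exempt = 1
            if ($0 ~ /-j MASQUERADE/ && !exempt)
                bad = 1
        }
        END { exit bad ? 1 : 0 }'
}
```

Run `iptables-save | check_rule_order 192.168.10.0/24` on the gateway to confirm the live ruleset has the exemption first.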