[Openswan Users] nat problem

Paul Wouters paul at xelerance.com
Wed Apr 19 18:09:08 CEST 2006

On Wed, 19 Apr 2006, Nived Gopalan wrote:

> I get the following error when I run ipsec verify command:
> Checking tun0x1002 at x.x.x.x from to
> MASQUERADE from to kills tunnel ->
>        [FAILED]
> I'm able to ping between the openswan hosts/firewall, but not the machines
> behind it. I have added the following firewall rules ..
> iptables -t nat -A POSTROUTING -o eth0 -s -d !

If you did not type that rule at the prompt, but put it in a shell script,
you need to escape the "!" with a "\".

Also, you need the same exclusion for NATing packets on the other endpoint.
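
The following is an added example, not part of the original message or of Openswan: a small check for the condition discussed in this thread, a POSTROUTING NAT rule that rewrites traffic bound for the remote tunnel subnet. The subnets (192.168.1.0/24, 192.168.2.0/24), the interface `eth0` and the function name `masq_kills_tunnel` are constructed for illustration, since the thread does not show the real values.

```shell
#!/bin/sh
# Added example (not from the original thread). Reads `iptables-save -t nat`
# text on stdin and reports the first POSTROUTING NAT rule that would rewrite
# LOCAL -> REMOTE tunnel traffic. Assumption: subnets are compared as literal
# strings, so rules must use the same CIDR notation as the tunnel definition.
masq_kills_tunnel() {   # usage: masq_kills_tunnel LOCAL_NET REMOTE_NET
    awk -v l="$1" -v r="$2" '
    $1 == "-A" && $2 == "POSTROUTING" {
        src = ""; dst = ""; neg = 0; tgt = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i+1)
            if ($i == "-j") tgt = $(i+1)
            if ($i == "-d") {
                if ($(i+1) == "!") { neg = 1; dst = $(i+2) }   # old: -d ! net
                else { dst = $(i+1); neg = ($(i-1) == "!") }   # new: ! -d net
            }
        }
        if (src != "" && src != l) next      # rule is about another source
        # Does the destination test let LOCAL -> REMOTE packets match?
        hit = (dst == "") || (neg && dst != r) || (!neg && dst == r)
        if (!hit) next
        if (tgt == "MASQUERADE" || tgt == "SNAT") { print; bad = 1; exit }
        if (tgt == "ACCEPT" || tgt == "RETURN") exit   # exempted before NAT
    }
    END { exit (bad ? 0 : 1) }'
}

# Constructed sample rule sets for one gateway (local 192.168.1.0/24).
BROKEN='*nat
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT'
FIXED='*nat
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT'

for name in BROKEN FIXED; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | masq_kills_tunnel 192.168.1.0/24 192.168.2.0/24 >/dev/null
    then echo "$name: NAT rule would rewrite tunnel traffic"
    else echo "$name: tunnel traffic is excluded from NAT"
    fi
done
```

On the other gateway, run the same check with the two subnets swapped, feeding it that host's own `iptables-save -t nat` output.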


