[Openswan Users] Can I NAT my network to access an IPSEC tunnel?
Paul Wouters
paul at xelerance.com
Mon Apr 24 21:03:52 CEST 2006
On Mon, 24 Apr 2006, Domingo Antonio wrote:
> I have configured an openswan host-to-host vpn.
> In my side I have IPADDR=10.0.0.72 and on the other side is
> IPADDR=146.0.0.1.
>
> Each SG can access resources on each other. ( like telnet, ssh,
> apache )
>
> Behind a 10.0.0.72 SG I have a network 10.0.0.0/24.
>
> Can I NAT 10.0.0.0/24 to access 146.0.0.1?
> I'm using openswan 2.4.5, kernel 2.6.10-1.771_FC2 on a FC2...
>
> I tried to insert a postrouting rule on 10.0.0.72, but it doesn't
> work.
>
> Is it possible to NAT my network ( 10.0.0.0/24 ) and if so how can I
> do it?

If you use klips, you have separate interfaces with an ipsec0 interface. You
can then SNAT using "-i eth0" and use interfaces="ipsec0=eth1" for klips.
This way, NAT and IPsec do not bite each other.

You might be able to make this work without klips, with the 2.6.16 kernel, using
the iptables v.1.3.5 IPsec policies. I have not yet experimented with this.

Paul