[Openswan Users] Can i NAT my network to access a IPSEC tunnel?

Paul Wouters paul at xelerance.com
Mon Apr 24 21:03:52 CEST 2006

On Mon, 24 Apr 2006, Domingo Antonio wrote:

> 	I have configured an openswan host-to-host vpn.
> 	In my side I have IPADDR= and on the other side is
> 	Each SG can access resources on each other. ( like telnet, ssh,
> apache )
> 	Behind a SG I have a network
> 	Can I NAT to access
> 	I'm using openswan 2.4.5, kernel 2.6.10-1.771_FC2 on a FC2...
> 	I tried to insert a postrouting rule on, but it doesn't
> work.
> 	Is it possible to NAT my network ( ) and if so how can I
> do it?

If you use klips, you have separate interfaces with an ipsec0 interface. You
can then SNAT on using "-i eth0" and  use interfaces="ipsec0=eth1" for klips.
This way, NAT and IPsec do not bite each other.
You might be able to make this work without klips, using the 2.6.16 kernel using
the iptables v.1.3.5 IPsec policies. I have not yet experimented with this.

