RES: [Openswan Users] Can i NAT my network to access a IPSEC tunnel?

Domingo Antonio domingo at
Mon Apr 24 16:56:35 CEST 2006

Hmm.. I have no klips support in my kernel.
I'll try to compile with klips support and try nat again...

10x :)

-----Original Message-----
From: Paul Wouters [mailto:paul at]
Sent: Monday, April 24, 2006 15:04
To: Domingo Antonio
Cc: users at
Subject: Re: [Openswan Users] Can i NAT my network to access a IPSEC tunnel?

On Mon, 24 Apr 2006, Domingo Antonio wrote:

> I have configured an openswan host-to-host vpn.
> In my side I have IPADDR= and on the other side is
> Each SG can access resources on each other. ( like telnet, ssh, apache )
> Behind a SG I have a network
> Can I NAT to access
> I'm using openswan 2.4.5, kernel 2.6.10-1.771_FC2 on a FC2...
> I tried to insert a postrouting rule on, but it doesn't work.
> Is it possible to NAT my network ( ) and if so how can I do it?

If you use klips, you have separate interfaces with an ipsec0 interface. You
can then SNAT on using "-i eth0" and use interfaces="ipsec0=eth1" for
This way, NAT and IPsec do not bite each other.
You might be able to make this work without klips, using the 2.6.16 kernel
using the iptables v.1.3.5 IPsec policies. I have not yet experimented with

