[Openswan Users] One side NAT other side not??
paul at xelerance.com
Thu Aug 24 12:46:17 EDT 2006
On Thu, 24 Aug 2006, jham at gnumax.com wrote:
> I have a question on Openswan configuration for a tunnel through OpenSwan
> and CheckPoint. The checkpoint side is not NAT-ted. The OpenSwan is NATed.
> The solution suggested is as follows for the LinuxGW ipsec.conf
> Left: 10.1.254.1 (local private IP)
> Left ID: PublicNATIP (local public IP)
> Left subnet: 10.1.0.0/16
> Right: CP PublicNONATIP (remote public IP)
> Right subnet: 10.2.0.0/16
> Is this correct??
> I have been unsuccessful to this point applying any PRE-Routing rules to
> disable NAT to the remote destination.
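# SNAT is only valid in the nat table's POSTROUTING chain, which matches the outgoing
# interface with -o (externalinterface is a placeholder for the Internet-facing interface).
iptables -t nat -I POSTROUTING -o externalinterface -s 10.1.0.0/16 -d 10.2.0.0/16 -j ACCEPT
iptables -t nat -A POSTROUTING -o externalinterface -s 10.1.0.0/16 -j SNAT --to-source PublicNATIP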
This will prevent NATing packets for IPsec.
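The reply depends on rule order: the exemption for 10.1.0.0/16 to 10.2.0.0/16 has to be evaluated before the source-NAT rule. The script below is an added example, not part of the original thread or of Openswan, that checks this ordering in `iptables-save` output. The function name, the sample rule sets, `eth0` and 203.0.113.10 (standing in for PublicNATIP) are assumptions, and it goes slightly beyond the thread by also recognising MASQUERADE and RETURN.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` text on stdin and reports whether nat/POSTROUTING
# exempts LOCAL -> REMOTE traffic before the first SNAT/MASQUERADE rule that would catch it.
# Subnets are compared as exact strings (no CIDR containment), a simplification.
check_nat_exempt() {  # usage: check_nat_exempt LOCAL_NET REMOTE_NET
    awk -v l="$1" -v r="$2" '
        /^\*/ { table = substr($0, 2) }              # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            n++; src = dst = tgt = ""; negd = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-d") { dst = $(i + 1); negd = ($(i - 1) == "!") }
                if ($i == "-j") tgt = $(i + 1)
            }
            pass  = (tgt == "ACCEPT" || tgt == "RETURN")
            isnat = (tgt == "SNAT" || tgt == "MASQUERADE")
            # First rule that lets tunnel traffic leave the chain untranslated.
            if (!exempt && !negd && src == l && dst == r && pass) exempt = n
            # First NAT rule that would rewrite tunnel traffic ("! -d REMOTE" exempts itself).
            if (!nat && isnat && (src == l || src == "") && (dst == "" || (dst == r && !negd)))
                nat = n
        }
        END {
            if (!nat) print "no-nat"
            else if (!exempt) print "missing"
            else if (exempt > nat) print "misordered"
            else print "ok"
        }'
}

# Constructed sample: exemption first, then SNAT (the order the reply gives).
sample_good() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 10.1.0.0/16 -d 10.2.0.0/16 -o eth0 -j ACCEPT' \
        '-A POSTROUTING -s 10.1.0.0/16 -o eth0 -j SNAT --to-source 203.0.113.10' 'COMMIT'
}
# Constructed sample: same rules reversed, so tunnel traffic is NATed before the exemption.
sample_bad() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 10.1.0.0/16 -o eth0 -j SNAT --to-source 203.0.113.10' \
        '-A POSTROUTING -s 10.1.0.0/16 -d 10.2.0.0/16 -o eth0 -j ACCEPT' 'COMMIT'
}

sample_good | check_nat_exempt 10.1.0.0/16 10.2.0.0/16
sample_bad  | check_nat_exempt 10.1.0.0/16 10.2.0.0/16
```

On a live gateway the same function can be fed from `iptables-save -t nat`.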