[Openswan Users] icmp error messages and IPSec-Tunnels
Frank.Mayer at knapp-systems.com
Frank.Mayer at knapp-systems.com
Wed Feb 15 17:56:56 CET 2006
Hello,
I have the following problem:
for some of my IPSec-Tunnels, my gateway needs send messages like "host
unreachable: fragmentation needed" to both machines communicating via
these specific tunnels.
The icmp pakets being sent to the remote network (across the tunnel),
however, get generated with the gateway's public IP address, and therefore
never arrive at the target machine.
I did already try to SNAT these packets, but it looks like they do not
even enter the POSTROUTING-chain of iptables!
Does anyone have any idea on how to handle this?
Best Regards and thanks in advance for your input,
Frank Mayer
UNIX Systemadministration
----------------------------------------------------
KNAPP Systemintegration GmbH
Waltenbachstrasse 9
8700 Leoben, Austria
----------------------------------------------------
Phone: +43 3842 805-921
Fax: +43 3842 82930-921
frank.mayer at knapp-systems.com
www.knapp.com
More information about the Users
mailing list