[Openswan Users] icmp error messages and IPSec-Tunnels

Frank.Mayer at knapp-systems.com Frank.Mayer at knapp-systems.com
Wed Feb 15 17:56:56 CET 2006


Hello,

I have the following problem:
for some of my IPSec-Tunnels, my gateway needs to send messages like "host
unreachable: fragmentation needed" to both machines communicating via
these specific tunnels.
The ICMP packets being sent to the remote network (across the tunnel),
however, get generated with the gateway's public IP address, and therefore 
never arrive at the target machine.

I did already try to SNAT these packets, but it looks like they do not 
even enter the POSTROUTING-chain of iptables!

Does anyone have any idea on how to handle this?

Best Regards and thanks in advance for your input,
Frank Mayer
UNIX Systemadministration
----------------------------------------------------
KNAPP Systemintegration GmbH
Waltenbachstrasse 9
8700 Leoben, Austria
----------------------------------------------------
Phone: +43 3842 805-921
Fax: +43 3842 82930-921
frank.mayer at knapp-systems.com
www.knapp.com

