[Openswan Users] Routing problem with tunnel established
webmaster at elnportal.it
Fri Jan 13 16:57:51 CET 2006
Hi to all, I have a problem on my net-to-net VPN tunnel.
The subnets can ping each other except for one AS400 server and 2 CISCO
routers. I think that for the routers the problem is the ACL, so I'm trying to
SNAT the packets beforehand.
Let's make it clear.
REMOTE CISCO ACL 10.0.2.0/24 CISCO IP 10.0.2.1
LOCAL SUBNET TRYING TO CONNECT TO CISCO DEVICE 10.0.1.0/24
10.0.1.0/24 -- OPENSWAN GATEWAY1 ==== OPENSWAN GATEWAY2 -- 10.0.2.0/24 (here
CISCO 10.0.2.1)
When I try to ping 10.0.2.1 from the 10.0.1.0/24 subnet I don't receive any
response.
Tcpdumping the internet-side LAN of the VPN endpoint physically connected to 10.0.2.1,
I see that ESP packets flow from the 10.0.1.0/24 subnet to 10.0.2.1, but 10.0.2.1
doesn't reply.
I would like to change source IP from 10.0.1.0/24 to a dummy ip accepted by the
CISCO ACL (a reserved IP on 10.0.2.0/24 subnet) using SNAT.
I've tried
iptables -t nat -A POSTROUTING -d 10.0.2.1 -j SNAT --to 10.0.2.254
on the Openswan gateway connected to 10.0.1.0/24, but it doesn't seem to work.
Tried too
iptables -t nat -A POSTROUTING -d 10.0.2.1 -j SNAT --to 10.0.2.254
on the Openswan gateway connected to the 10.0.2.0/24 subnet, but it still doesn't work.
I think that the firewall decisions are taken before the VPN packet information
is extracted.
What can I do? Can I make some modification to the mangle table to achieve my
goal?
Thank you
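As an added illustration (not part of the original post or of Openswan), the following model checks a packet against the tunnel's traffic selectors before and after the SNAT rule quoted above. It assumes the tunnel is defined as 10.0.1.0/24 <-> 10.0.2.0/24, as in the post, and that the source rewrite takes effect before the IPsec policy match; under that assumption a packet SNATed to 10.0.2.254 no longer matches the tunnel at all, which is one reason such a rule can appear to do nothing.

```python
import ipaddress

# Tunnel traffic selectors as described in the post (constructed from the
# diagram): left 10.0.1.0/24 behind gateway 1, right 10.0.2.0/24 behind gateway 2.
TUNNEL_SELECTORS = [
    (ipaddress.ip_network("10.0.1.0/24"), ipaddress.ip_network("10.0.2.0/24")),
]


def matches_tunnel(src, dst, selectors=TUNNEL_SELECTORS):
    """True if a src->dst packet falls inside one of the tunnel's selectors.

    This is the address-only part of a policy-based IPsec match: a packet
    that matches no selector is not sent through the tunnel.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in left and d in right for left, right in selectors)


def after_snat(src, dst, snat_dst, snat_to):
    """Model 'iptables -t nat -A POSTROUTING -d <snat_dst> -j SNAT --to <snat_to>'.

    Only packets whose destination equals snat_dst get their source rewritten;
    all other packets pass unchanged.
    """
    if ipaddress.ip_address(dst) == ipaddress.ip_address(snat_dst):
        return snat_to, dst
    return src, dst


def tunnel_fate(src, dst, snat_dst, snat_to, selectors=TUNNEL_SELECTORS):
    """Return (matches_before_nat, matches_after_nat) for one packet.

    Assumption (hypothetical ordering, see lead-in): the NAT rewrite is
    applied before the IPsec policy lookup, so the post-NAT source is what
    gets compared with the tunnel selectors.
    """
    pre = matches_tunnel(src, dst, selectors)
    new_src, new_dst = after_snat(src, dst, snat_dst, snat_to)
    post = matches_tunnel(new_src, new_dst, selectors)
    return pre, post


if __name__ == "__main__":
    # Ping from a 10.0.1.0/24 host to the CISCO router, with the post's SNAT rule.
    print(tunnel_fate("10.0.1.10", "10.0.2.1", "10.0.2.1", "10.0.2.254"))
    # Same host to a different 10.0.2.0/24 address: the SNAT rule does not fire.
    print(tunnel_fate("10.0.1.10", "10.0.2.50", "10.0.2.1", "10.0.2.254"))
```

Passing an extra selector covering 10.0.2.254/32 as a left address into `tunnel_fate` shows the post-NAT packet matching again, which is the check to make when deciding how the tunnel definition would have to change.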