[Openswan Users] overlapping networks with nat-t

Paul Wouters paul at xelerance.com
Wed Jan 18 19:09:29 CET 2006


On Wed, 18 Jan 2006, Marco Berizzi wrote:

> I have successfully deployed NAT-T on my various
> Linux 2.6 (netkey) gateways with OSW 2.4.4. It's
> working well with Windoze XPsp2. Now, mobile
> users are able to connect to my private LAN (which
> is a 172.16.0.0/23) from other companies' private
> networks. My osw box is also tunnelling IPsec traffic
> from/to a (very common) 192.168.1.0 network. This
> prevents roadwarriors which are connected to a
> 192.168.1.0 network from connecting to my network. I
> cannot change any network IP address. Is there any
> solution to this problem? DHCP over IPsec? Does
> Windows XPsp2 support it?

An ugly hack is to set up a tunnel for another range,
e.g. 127.168.1.0/24, and then run SNAT / DNAT on the
packets. Be careful not to NAT the IPsec packets
though. This will be very hard using netkey.

Paul
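
The following is an added example, not part of the original post or of Openswan: a small Python model of the 1:1 SNAT/DNAT mapping described in the reply, including the exemption for the IPsec packets themselves. The alias range 10.168.1.0/24, the packet dictionaries and all function names are assumptions made for the illustration.

```python
import ipaddress

# Range from the thread: the tunnelled network that roadwarrior LANs collide with.
OVERLAP_NET = ipaddress.ip_network("192.168.1.0/24")
# Assumed alias range for this example (hypothetical; must be unused at every site).
ALIAS_NET = ipaddress.ip_network("10.168.1.0/24")

ESP, AH, UDP = 50, 51, 17
IKE_PORTS = {500, 4500}  # IKE and NAT-T (ESP-in-UDP)


def remap(addr, src_net, dst_net):
    """1:1 prefix rewrite: keep the host bits, swap the network bits."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        return addr  # outside the overlapping range: leave alone
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def is_ipsec_carrier(proto, sport=None, dport=None):
    """True for packets that carry the tunnel itself and must not be NATed."""
    if proto in (ESP, AH):
        return True
    return proto == UDP and (sport in IKE_PORTS or dport in IKE_PORTS)


def translate(pkt):
    """SNAT real -> alias and DNAT alias -> real, on cleartext traffic only."""
    out = dict(pkt)
    if is_ipsec_carrier(pkt["proto"], pkt.get("sport"), pkt.get("dport")):
        return out  # IKE / ESP / NAT-T stays untouched
    out["src"] = str(remap(pkt["src"], OVERLAP_NET, ALIAS_NET))
    out["dst"] = str(remap(pkt["dst"], ALIAS_NET, OVERLAP_NET))
    return out


if __name__ == "__main__":
    # Constructed sample packets: one cleartext flow, one NAT-T carrier packet.
    for p in ({"src": "192.168.1.37", "dst": "172.16.0.10", "proto": 6, "dport": 22},
              {"src": "192.168.1.37", "dst": "203.0.113.1", "proto": UDP, "dport": 4500}):
        print(p, "->", translate(p))
```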