[Openswan Users] overlapping networks with nat-t

Marco Berizzi pupilla at hotmail.com
Thu Jan 19 16:21:28 CET 2006

Jacco de Leeuw wrote:

>Marco Berizzi wrote:
>>>though. This will be very hard using netkey.
>>Not now. Patrick McHardy's patches have been in the
>>mainline kernel since 2.6.15-git5. With a recent
>>iptables snapshot version there is a new 'policy
>>match' which allows very granular control over ipsec
>>packets. For anyone who is interested see:
>Which of Patrick McHardy's patches are in 2.6.15-git? These?

Yes: a much more recent version. The patches in the
pom-ng tarball were quite old and unmaintained (they
didn't apply to 2.6.14 for example).

>Does this mean you will be able to run tcpdump

Please see:

>the unencrypted packets and/or NAT these packets to an (L2TP)
>server on another interface?

I think yes, why not? ;-)
