[Openswan Users] SNAT before OpenSwan, same box?
Paul Wouters
paul at xelerance.com
Fri Mar 17 14:33:10 CET 2006
On Fri, 17 Mar 2006, "Adrián R. Sanchez" wrote:
> Where in the kernel packet flow is located OpenSwan?
Depends on whether you are using NETKEY or KLIPS.
> Is it after or before the POSTROUTING table?
With KLIPS it is like any other interface, since it uses the separate ipsecX
interface. With NETKEY, things depend a bit on the kernel version, and are
rather strange. You'd need the latest 2.6 kernel for Patrick Hardy's SNAT+IPsec
fixes.
> In other words, can I SNAT packets before they get into an OpenSwan tunnel
> just like I do it in a Cisco VPN terminator by removing the "no nat" command?
With KLIPS, yes.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155