[Openswan Users] SNAT before IPSec, save my soul.

Paul Wouters paul at xelerance.com
Fri Mar 24 08:08:51 CET 2006


On Thu, 23 Mar 2006, Adrian_Sanchez wrote:

> After digging through dozens of forums and asking for help, I only got
> some comments about using the KLIPS module in order to get back my good ol'
> ipsec0 interface (but I had no chance to compile and run it on Fedora 4
> and 5 with whatever from 2.6.5 to 2.6.15 kernels). I also got comments

It compiles fine for me on FC4 up to about 2.6.14 based kernels. But use the
UP, not the SMP kernels.

> 2.6 + IPSEC + SNAT for Dummies maybe?

I do not know how to do this properly with NETKEY. With KLIPS you can SNAT
the plaintext packets on the internal interface, and run klips on the
external interface, and it will work fine.

There were various posts on this topic and solutions of other people on
this list in the past. So perhaps you can find some answers in the archives?

Paul

