[Openswan Users] SNAT before IPSec, cookbook recipe

"Adrián R. Sanchez" adrian_sanchez at actionline.com.ar
Fri Mar 31 12:35:16 CEST 2006

ted leslie wrote:
> can you post or send me your configs as example,
> in particular the iptables rules?
> i am dying to see this.
> -tl

1 - Install a Fedora Core 5, which ships with iptables 1.3.5 and 
OpenSWAN 2.4.4
2 - Download and install the latest 2.6.16 kernel rpm from:


3 - A sample setup:

- Internal host:
- IPSec + NAT Box: (and for natting the internal host)
- Remote IPSec box:
- Remote host to be reached:

Relevant part of ipsec.conf:

conn example

Relevant part of iptables code:

iptables -t nat -A POSTROUTING -s -d -j SNAT 

And that's it!!


Adrián R. Sanchez
Dpto. de Tecnología

Actionline de Argentina S.A.
Viamonte 570 (C1053ABL)
Buenos Aires, Argentina
Tel.: +54 11 5093-3905

More information about the Users mailing list