[Openswan Users] Connecting two ipsec tunnels

Paul Wouters paul at xelerance.com
Fri May 12 03:19:37 CEST 2006


On Thu, 11 May 2006, Jett, Nathan wrote:

> Sorry for the confusion.  I have a working tunnel to my customer who is allowing access to a server at 192.168.100.50 on their network.  I also have a working tunnel to my remote office to access their network at 192.168.200.0/24.   However my remote office cannot connect to the customer's server at 192.168.100.50.
>
> I need my remote office to be able to connect through my Linux/Openswan system to my customer's server.
>
> I was assuming I would have to masquerade the packets coming from my remote office to look like they are coming from an IP address on my local network before they would be allowed to pass to the customer's network.

Why not just add another IPsec tunnel instead of using NAT? If I understood
you right, you should be able to set up another tunnel for 192.168.200/24 to
192.168.100.50.  Using NAT and IPsec can be tricky, because NAT breaks IPsec.

Paul
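
One reading of the suggestion above, written as conn sections for the middle Openswan gateway; this is an added example, not configuration from the thread. The gateway addresses (192.0.2.1, 198.51.100.1, 203.0.113.1) and the conn names are placeholders, and it assumes the customer and the remote office each add the mirrored definition on their side.

```conf
# /etc/ipsec.conf on the middle gateway (added example, placeholder addresses)
#   192.0.2.1     this gateway's public address      (assumed)
#   198.51.100.1  customer's IPsec gateway           (assumed)
#   203.0.113.1   remote office's IPsec gateway      (assumed)

conn office-net-to-customer-server
    # Leg towards the customer: offer the remote office subnet as "ours",
    # so the customer sees the real 192.168.200.0/24 sources, no masquerading.
    left=192.0.2.1
    leftsubnet=192.168.200.0/24
    right=198.51.100.1
    # Only the single server the customer exposes, as a /32.
    rightsubnet=192.168.100.50/32
    # Authentication settings: reuse those of the existing tunnel to this peer.
    auto=start

conn customer-server-to-office-net
    # Leg towards the remote office: offer the customer's server as "ours",
    # so the office gateway sends traffic for 192.168.100.50 into this tunnel.
    left=192.0.2.1
    leftsubnet=192.168.100.50/32
    right=203.0.113.1
    rightsubnet=192.168.200.0/24
    # Authentication settings: reuse those of the existing tunnel to this peer.
    auto=start
```

The gateway also needs IP forwarding enabled (`net.ipv4.ip_forward = 1`) and no masquerade rule matching traffic between 192.168.200.0/24 and 192.168.100.50, since rewritten addresses would no longer match the tunnel's subnets.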

