[Openswan Users] Tunnel to Cisco w/private ip
paul at xelerance.com
Thu Sep 14 21:34:12 EDT 2006
On Thu, 14 Sep 2006, Eyal Marantenboim wrote:
> My peer is a Linux 2.6 running openswan with public ip.
So what are you? I am confused.
> My internal network is 10.1.1.0/24 but the client wants me to nat it
> using 192.168.50.51
> I'm trying to connect to a client who uses a Cisco concentrator behind NAT
I take it that box connects to you and not you to him, since he is behind
> The connection works fine. On both sides we see the tunnel up. The only
> problem is that no traffic is going through.
> Using tcpdump I see that the traffic is not being encrypted. It's going
> through my external interface (eth1) but it's not going through the
You are using netkey, I think, and then you cannot see if the traffic is
encrypted or not. It is most likely encrypted.
> Is there a way that instead of using iptables POSTROUTING to nat my
> private network, to use something else?
Make sure to NAT with a ! -d rule to exclude NAT from packets that will
go through an ipsec tunnel.
> This is my config:
> conn tw2
> leftsubnet=ip Im trying to hit/32
You can't do this. You have to use auto=add, and let the other end
initiate to you.
Building and integrating Virtual Private Networks with Openswan:
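
The "! -d" exclusion from the reply above, as an added example that is not part of the original message: a small audit that walks POSTROUTING rules in iptables-save form and reports whether a packet bound for the tunnel would be source-NATed first. The remote subnet 172.16.5.0/24, the sample rule sets and all function names are assumptions made for illustration; 10.1.1.0/24 and eth1 are taken from the thread.

```python
import ipaddress

# Constructed rule sets in `iptables-save -t nat` form. 10.1.1.0/24 and eth1
# come from the thread; 172.16.5.0/24 is an assumed remote tunnel subnet.
NAT_ALL = "-A POSTROUTING -s 10.1.1.0/24 -o eth1 -j MASQUERADE\n"
NAT_EXCLUDING_TUNNEL = (
    "-A POSTROUTING -s 10.1.1.0/24 ! -d 172.16.5.0/24 -o eth1 -j MASQUERADE\n"
)

def parse_rule(line):
    """Map each understood option to (value, negated); other tokens are ignored."""
    toks, rule, neg, i = line.split()[2:], {}, False, 0
    while i < len(toks):
        tok = toks[i]
        if tok == "!":
            neg = True
        elif tok in ("-s", "-d", "-o", "-j") and i + 1 < len(toks):
            if toks[i + 1] == "!" and i + 2 < len(toks):  # older "-d ! net" form
                neg, i = True, i + 1
            rule[tok] = (toks[i + 1], neg)
            neg, i = False, i + 1
        else:
            neg = False
        i += 1
    return rule

def _hit(rule, opt, test):
    if opt not in rule:
        return True  # option absent: the rule does not restrict on it
    value, negated = rule[opt]
    return test(value) != negated

def nat_verdict(ruleset, src, dst, out_if):
    """Target of the first matching POSTROUTING rule, else None.
    Simplification: only -s/-d/-o are evaluated; every target is terminating."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    in_net = lambda ip: lambda net: ip in ipaddress.ip_network(net, strict=False)
    for line in ruleset.splitlines():
        if not line.startswith("-A POSTROUTING "):
            continue
        rule = parse_rule(line)
        if ("-j" in rule and _hit(rule, "-s", in_net(src))
                and _hit(rule, "-d", in_net(dst))
                and _hit(rule, "-o", lambda name: name == out_if)):
            return rule["-j"][0]
    return None

def tunnel_packet_is_natted(ruleset, src, dst, out_if="eth1"):
    return nat_verdict(ruleset, src, dst, out_if) in ("SNAT", "MASQUERADE")
```

Feed it the output of `iptables-save -t nat` together with one address from each end of the tunnel; a True result means the packet's source is rewritten before IPsec policy lookup, so it no longer matches the tunnel's leftsubnet and leaves unencrypted.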