[Openswan Users] NAT and VPN

Paul Wouters paul at xelerance.com
Tue Sep 26 13:23:16 EDT 2006

On Tue, 26 Sep 2006, Eyal Marantenboim wrote:

> I have a client that wants me to NAT my subnet ( using

so your ipsec connection has left= I assume?

> My gateway is the same box that does the vpn tunnel.
> When I try to NAT the packets, linux doesn’t send it through the tunnel.
> It sends it unencrypted to the internet.
> When I change my subnet in my ipsec.conf and I delete the NAT rule, the
> packets go through the tunnel.
> The problem is that the client wants me to do NAT.
> I there a way to SNAT a packet and then send it through the tunnel all
> on the same box?

Your best bet is to use KLIPS, and NAT on the internal ethX device. Then
the outgoing packets should get into ipsec0 and get encrypted.


More information about the Users mailing list