[Openswan Users] NAT and VPN
andy at andynet.net
Tue Sep 26 14:21:17 EDT 2006
On Tue, 2006-09-26 at 12:42 -0500, Eyal Marantenboim wrote:
> Yes, left=192.168.51.50.
> I thought about KLIPS, but I wasn’t sure if I can do it without KLIPS (since I need to recompile the kernel).
It should work with NETKEY as well if your kernel is 2.6.16 or later.
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Tuesday, September 26, 2006 12:23
> To: Eyal Marantenboim
> Cc: users
> Subject: Re: [Openswan Users] NAT and VPN
> On Tue, 26 Sep 2006, Eyal Marantenboim wrote:
> > I have a client that wants me to NAT my subnet (10.1.1.0/24) using
> > 192.168.51.50.
> so your ipsec connection has left=192.168.51.50 I assume?
> > My gateway is the same box that does the vpn tunnel.
> > When I try to NAT the packets, linux doesn’t send it through the tunnel.
> > It sends it unencrypted to the internet.
> > When I change my subnet in my ipsec.conf and I delete the NAT rule, the
> > packets go through the tunnel.
> > The problem is that the client wants me to do NAT.
> > Is there a way to SNAT a packet and then send it through the tunnel all
> > on the same box?
> Your best bet is to use KLIPS, and NAT on the internal ethX device. Then
> the outgoing packets should get into ipsec0 and get encrypted.
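An added example, not part of the original messages: a dry-run sketch of the NETKEY route mentioned in the reply, checking for kernel 2.6.16 or later and printing the SNAT rule for review instead of applying it. `REMOTE_NET` is a constructed placeholder for the client's subnet, and the assumption that the tunnel's local selector is the NAT address as a /32 is this example's, not the posters'.

```sh
#!/bin/sh
# Added example, not from the thread. 10.1.1.0/24 and 192.168.51.50 come
# from the posts; REMOTE_NET is a constructed placeholder.
LOCAL_NET=10.1.1.0/24
NAT_ADDR=192.168.51.50
REMOTE_NET=${REMOTE_NET:-198.51.100.0/24}

# Succeeds when the given kernel release is 2.6.16 or later, the version
# the reply names for NAT in front of a NETKEY tunnel.
kernel_supports_netkey_nat() {
    ver=${1%%[-+]*}                  # drop suffixes such as "-8.el5"
    IFS=. read -r maj min pat _rest <<EOF
$ver
EOF
    maj=${maj:-0} min=${min:-0} pat=${pat:-0}
    # Reject anything that is not purely numeric after splitting.
    case "$maj$min$pat" in *[!0-9]*) return 1 ;; esac
    if [ "$maj" -ne 2 ]; then [ "$maj" -gt 2 ]; return; fi
    if [ "$min" -ne 6 ]; then [ "$min" -gt 6 ]; return; fi
    [ "$pat" -ge 16 ]
}

# Prints (does not run) the SNAT rule for traffic headed to the remote
# subnet given as $1, so only tunnel-bound packets are rewritten.
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -s $LOCAL_NET -d $1 -j SNAT --to-source $NAT_ADDR"
}

if kernel_supports_netkey_nat "$(uname -r)"; then
    # Assumption: the IPsec policy must match the translated source address.
    echo "# ipsec.conf selectors assumed: leftsubnet=$NAT_ADDR/32 rightsubnet=$REMOTE_NET"
    snat_rule "$REMOTE_NET"
else
    echo "kernel $(uname -r) is older than 2.6.16; NETKEY will not see the NATed packets" >&2
fi
```

After applying the rule, a capture on the external interface should show only ESP toward the peer; any cleartext packet sourced from 192.168.51.50 means the policy selectors do not match the translated address.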