[Openswan Users] Solved: Strange problem after updating from kernel2.6.8 to 2.6.18
Balázs Bárány
bb at apc.ag
Thu Dec 13 08:10:46 EST 2007
Hello,
thanks for all your help.
It turned out to be a NAT issue. The "-t nat -A POSTROUTING" rules on the
gateway matched before the IPSEC routes, so the packets got rewritten.
Strange.
I solved it using the following code:
# IPSEC networks we work with
ipsec_networks="192.168.XX.0/24" # First peer net
ipsec_networks="$ipsec_networks 192.168.YY.0/24" # Second peer net
ipsec_networks="$ipsec_networks 192.168.ZZ.0/24" # Third peer net
ipsec_networks="$ipsec_networks 164.AA.BB.CC/28" # Fourth peer net
# Before masquerading, IPSEC destinations must be excluded from NAT
# ($extdev, $internalnet and $extip must be set before this point)
for ipsecnet in $ipsec_networks; do
    # Don't NAT this destination
    /usr/sbin/iptables -t nat -A POSTROUTING -o "$extdev" -d "$ipsecnet" -j ACCEPT
done
# masquerading the internal net
/usr/sbin/iptables -t nat -A POSTROUTING -s "$internalnet" -o "$extdev" -j SNAT --to-source "$extip"
Regards
--
Balázs Bárány
Information Services Development
apc interactive solutions AG
Brigittenauer Lände 50-54/1, 2.OG
A-1200 Wien
Handelsgericht Wien FN 191 435y
balazs.barany at apcinteractive.net http://www.apcinteractive.net
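
Added example, not part of the original message: a shell check for the rule ordering this fix depends on, namely that each IPsec peer network has a NAT-exempting ACCEPT rule in POSTROUTING ahead of the first SNAT or MASQUERADE rule. The rule listings, networks and addresses are constructed samples, and check_nat_exempt and missing_exemptions are hypothetical helper names; on a live gateway the input would be the output of "iptables -t nat -S POSTROUTING".

```shell
#!/bin/sh
# check_nat_exempt NET: reads nat-table rules on stdin in chain order
# (the format printed by `iptables -t nat -S POSTROUTING`).
# Returns 0 if a "-d NET ... -j ACCEPT" rule comes before the first
# SNAT/MASQUERADE rule, 1 otherwise. Conservative: any NAT rule seen
# first counts as a failure, whatever its own match conditions are.
check_nat_exempt() {
    awk -v net="$1" '
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            dst = ""; target = ""
            for (i = 3; i < NF; i++) {
                # ignore negated matches such as "! -d NET"
                if ($i == "-d" && $(i - 1) != "!") dst = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
        }
        target == "ACCEPT" && dst == net { found = 1; exit }
        target == "SNAT" || target == "MASQUERADE" { exit }
        END { exit(found ? 0 : 1) }
    '
}

# missing_exemptions RULES NET...: prints every NET whose traffic would
# reach a NAT rule before (or without) an exempting ACCEPT rule.
missing_exemptions() {
    rules=$1; shift
    for net in "$@"; do
        printf '%s\n' "$rules" | check_nat_exempt "$net" || printf '%s\n' "$net"
    done
}

# Constructed sample: both peer nets exempted before SNAT (correct order).
GOOD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -d 10.20.0.0/24 -o eth0 -j ACCEPT
-A POSTROUTING -d 10.30.0.0/24 -o eth0 -j ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10'

# Constructed sample: second exemption was appended after the SNAT rule,
# so packets for 10.30.0.0/24 are rewritten before IPsec sees them.
BAD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -d 10.20.0.0/24 -o eth0 -j ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -d 10.30.0.0/24 -o eth0 -j ACCEPT'

missing_exemptions "$BAD_RULES" 10.20.0.0/24 10.30.0.0/24
```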