[Openswan Users] Solved: Strange problem after updating from kernel2.6.8 to 2.6.18

Balázs Bárány bb at apc.ag
Thu Dec 13 08:10:46 EST 2007


thanks for all your help.

It turned out to be a NAT issue. The "-t nat -A POSTROUTING" rules on the
gateway matched before the IPSEC routes, so the packets got rewritten.

I solved it using the following code:

# IPSEC networks we work with
ipsec_networks="192.168.XX.0/24" # First peer net
ipsec_networks="$ipsec_networks 192.168.YY.0/24" # Second peer net
ipsec_networks="$ipsec_networks 192.168.ZZ.0/24" # Third peer net
ipsec_networks="$ipsec_networks 164.AA.BB.CC/28" # Fourth peer net

# Before masquerading, IPSEC destinations must be excluded from NAT
for ipsecnet in $ipsec_networks; do
        # Don't NAT this destination
        /usr/sbin/iptables -t nat -A POSTROUTING -o $extdev -d $ipsecnet -j

# masquerading the internal net
/usr/sbin/iptables -t nat -A POSTROUTING -s $internalnet -o $extdev -j SNAT --to-source $extip

Balázs Bárány
Information Services Development
apc interactive solutions AG
Brigittenauer Lände 50-54/1, 2.OG
A-1200 Wien

Handelsgericht Wien FN 191 435y

balazs.barany at apcinteractive.net	http://www.apcinteractive.net

More information about the Users mailing list