[Openswan Users] Hiding NAT "in the tunnel"

Marco Berizzi pupilla at hotmail.com
Thu Feb 8 11:53:04 EST 2007


> > Is it possible to configure this scenario using only Openswan? Or do
> > I have to use iptables or does maybe OpenVPN play some role in this?
>
> Yes you can. If you use KLIPS, you can use iptables to NAT packets on
> the ipsec0 interface, and change the policy to make a tunnel for IP
> C/32.
> With NETKEY, things are a bit more complex, and you'll end up having
> to mark packets and use certain very new 2.6.18+ kernels due to
> changes in the SNAT mechanism.

You don't need to mark packets anymore: you only need a >=2.6.16
kernel and iptables 1.3.5 (if you want to use the policy match) and:

$IPTABLES -t nat -I POSTROUTING -s 192.168.1.0/24 \
-d 10.0.0.0/24 -j SNAT --to 'IP C/32'

Ciao



