[Openswan Users] openswan & nat
Osvaldo Alvarez Pozo
nebano at gmail.com
Fri Jul 27 09:02:02 EDT 2007
I think I have a problem with Openswan and NAT.
My server is Debian Etch 2.6, with Openswan installed via apt-get.
Behind my Debian VPN I have a local network that I NAT.
My internal network is 192.168.0.0/24, but there are only 3 machines.
I have to show it as 192.168.4.240/29.
My conf file:
# /etc/ipsec.d/tunel.conf
conn tpublic
    type=tunnel
    keyexchange=ike
    ike=3des-md5-modp1024
    ikelifetime=3600
    keylife=3600
    pfsgroup=modp1024
    left=210.23.34.2
    leftsubnet=192.168.4.240/29
    right=33.206.20.16
    authby=secret
    pfs=no
    rightsubnet=192.168.8.240/29
    rightid=10.67.34.13
    auto=add
    auth=esp
    esp=3des-md5
    compress=no
The tunnel is up, so I did:
iptables -t nat -A POSTROUTING -s 192.168.0.61 -o eth1 -p tcp -j SNAT --to-source 192.168.4.241
iptables -t nat -A PREROUTING -d 192.168.4.241 -i eth1 -p tcp -j DNAT --to 192.168.0.61
iptables -t nat -A POSTROUTING -s 192.168.0.63 -o eth1 -p tcp -j SNAT --to-source 192.168.4.242
iptables -t nat -A PREROUTING -d 192.168.4.242 -i eth1 -p tcp -j DNAT --to 192.168.0.63
iptables -t nat -A POSTROUTING -s 192.168.0.61 -o eth1 -p udp -j SNAT --to-source 192.168.4.241
iptables -t nat -A PREROUTING -d 192.168.4.241 -i eth1 -p udp -j DNAT --to 192.168.0.61
iptables -t nat -A POSTROUTING -s 192.168.0.63 -o eth1 -p udp -j SNAT --to-source 192.168.4.242
iptables -t nat -A PREROUTING -d 192.168.4.242 -i eth1 -p udp -j DNAT --to 192.168.0.63
But nothing goes through the tunnel.
Any idea?