[Openswan Users] openswan, alias interface and advanced routing (very long)

Giovani Moda - MR Informática giovani at mrinformatica.com.br
Wed Oct 24 09:43:56 EDT 2007

Hi there,

I've removed all iptables rules that was marking ipsec traffic and also the table and rules for router3 from my advanced routing. Added the iptables rule as Peter sugested, excluding 189.2.x.y and it _seems_ to be working. I'll monitor it closely to see if the problem won't happen again, since this setup is master in suddenly stoping for no reason.

Peter, thanks for your input. I think it might have solved the problem. So simple hun? Sometimes all we need is a fresh pair of eyes...


Giovani Moda
----- Original Message ----- 
  From: Peter McGill 
  To: 'Giovani Moda - MR Informática' ; users at openswan.org 
  Sent: Tuesday, October 23, 2007 5:30 PM
  Subject: RE: [Openswan Users] openswan,alias interface and advanced routing (very long)

  If I've understood your post correctly you have a public eth0 interface with a 189.2.x.x IP,
  and a virtual eth0:0 with a different (similar) IP, which I'll call 189.2.v.v.
  Your IPSec traffic using eth0:0 is incorrectly being NATed to 189.2.x.x by your SNAT rule?
  (Note: if you have more than one IP in 189.2.x.x range then don't mask both as .x.x!
  It's confusing as hell and impossible to determine which routes go where...
  If you hide your IPs at least uniquely identify each.)

  If that's the case then try this change:
  $IPTABLES -t nat -A POSTROUTING -o eth0 -s ! 189.2.v.v -j SNAT --to-source 189.2.x.x

  Peter McGill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071024/911f9cca/attachment.html 

More information about the Users mailing list