[Openswan Users] Ipsec passthrough on linux
Paul Wouters
paul at xelerance.com
Thu Aug 14 10:24:21 EDT 2008
On Thu, 14 Aug 2008, Felipe - Rasputin wrote:
> iptables -t nat -I POSTROUTING -s $IP_1 -p esp -j MASQUERADE
> iptables -t nat -I POSTROUTING -s $IP_2 -p esp -j MASQUERADE
> iptables -t nat -I POSTROUTING -s $IP_1 -p ah -j MASQUERADE
> iptables -t nat -I POSTROUTING -s $IP_2 -p ah -j MASQUERADE
You cannot rewrite (via masquerade) IPsec packets. You must use -j ACCEPT.
If you're behind NAT, let NAT-T do its work and encapsulate with UDP 4500.
Paul