[Openswan Users] leftsubnet parameter question - which network definition
Torsten Krah
tkrah at fachschaft.imn.htwk-leipzig.de
Mon Feb 23 05:08:17 EST 2009
Am Samstag, 21. Februar 2009 21:41:39 schrieb Paul Wouters:
> leftsubnet= should be the range you want the other side to see the packets
> coming from. If the other side expects packets from 10.1.10.0/24 to arrive
> via the tunnel, ten that is what leftsubnet should be.
Ok thats what i want, but although the tunnel is ab and the SA is stablished,
my packets does not arrive at the "ipsec0" interface.
So the question is, is it a supported configuration to have a POSTROUTING /
PREROUTING virtual subnet and get those natted packets on the ipsec* interface
of openswan?
How to debug (packet filter access for debugging purposes is ALLOW for all
chains) where my packets are lost?
The arrive at the bridge br0 at my router, are nattet but never show up after
natting on ipsec0 interface.
Using racoon + netkey stack it works.
Torsten
--
Bitte senden Sie mir keine Word- oder PowerPoint-Anhänge.
Siehe http://www.gnu.org/philosophy/no-word-attachments.de.html
Really, I'm not out to destroy Microsoft. That will just be a
completely unintentional side effect."
-- Linus Torvalds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1996 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090223/57f9a540/attachment.bin
More information about the Users
mailing list