[Openswan Users] leftsubnet parameter question - which network definition

Torsten Krah tkrah at fachschaft.imn.htwk-leipzig.de
Mon Feb 23 05:08:17 EST 2009

Am Samstag, 21. Februar 2009 21:41:39 schrieb Paul Wouters:
> leftsubnet= should be the range you want the other side to see the packets
> coming from. If the other side expects packets from to arrive
> via the tunnel, ten that is what leftsubnet should be.

Ok thats what i want, but although the tunnel is ab and the SA is stablished, 
my packets does not arrive at the "ipsec0" interface.
So the question is, is it a supported configuration to have a POSTROUTING / 
PREROUTING virtual subnet and get those natted packets on the ipsec* interface 
of openswan?
How to debug (packet filter access for debugging purposes is ALLOW for all 
chains) where my packets are lost?
The arrive at the bridge br0 at my router, are nattet but never show up after 
natting on ipsec0 interface.
Using racoon + netkey stack it works.


Bitte senden Sie mir keine Word- oder PowerPoint-Anhänge.
Siehe http://www.gnu.org/philosophy/no-word-attachments.de.html

Really, I'm not out to destroy Microsoft. That will just be a 
completely unintentional side effect."
	-- Linus Torvalds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1996 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090223/57f9a540/attachment.bin 

More information about the Users mailing list