[Openswan Users] leftsubnet parameter question - which network definition
Paul Wouters
paul at xelerance.com
Mon Feb 23 12:38:20 EST 2009
On Mon, 23 Feb 2009, Torsten Krah wrote:
> Ok thats what i want, but although the tunnel is ab and the SA is stablished,
> my packets does not arrive at the "ipsec0" interface.
> So the question is, is it a supported configuration to have a POSTROUTING /
> PREROUTING virtual subnet and get those natted packets on the ipsec* interface
> of openswan?
I believe it works if you mangle the packets on the physical ethX specifically.
You cannot mangle the packets on the ipsecX interfaces.
> How to debug (packet filter access for debugging purposes is ALLOW for all
> chains) where my packets are lost?
ipsec klipsedebug --all
then check dmesg
Paul
More information about the Users
mailing list