[Openswan Users] question about road-warrior setup with a natted gateway
Freeman Wang
xwang at ubicom.com
Fri Jun 26 13:19:43 EDT 2009
Hi
I'm trying to set up a home IPSec VPN gateway with NAT turned on, and
allow road warriors to connect. The IKE exchange is done successfully,
but I cannot get it to pass ESP traffic. I wonder if my setup is valid or
even allowed.
This is my setup:
Linux PC (road-warrior)          uClinux box (src 192.168.0.1)
192.168.2.33        ....         192.168.2.77 <----> 192.168.0.0/24
Both netfilters/iptables and openswan are running on the same uClinux
box. If I treat the client as having a fixed IP address, a setup I call
nat-to-host, I can get it to work properly after fixing the iptables entry
following the instructions from the openswan wiki. However, I have no idea
how to make it work in the case of a road warrior. Here is what confuses
me:
In order to do something like this
# iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
change it to something like:
# iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -d ! 172.16.0.0/24 -j MASQUERADE
It seems I need to know the IP address of the road warrior to exclude it
from being masqueraded. But how do I get the address in the case of a
road warrior? Do I have to turn off NAT if I want to support
road warriors?
Thanks
Freeman