[Openswan Users] question about road-warrior setup with a natted gateway
Paul Wouters
paul at xelerance.com
Sat Jun 27 00:54:48 EDT 2009
On Fri, 26 Jun 2009, Freeman Wang wrote:
> Now if I have a road warrior openswan VPN connection up, how can I make the traffic to the road warrior by-pass the NAT filter rule and go to the eroute instead? I hope, in the same time, I can still let the rest of the private LAN use NAT when they are not talking to the road warrior.
>
> The configuration manual in the openswan wiki page suggests replacing the NAT rule with an exception for the peer subnet. But I won't know the peer address until the IPSec connection is up. (The same trick has been working fine for me for cases other than road warrior.)
Perhaps the easiest trick would be to run two VM's on the "gateway" machine
and have one VM do IPsec, and the next VM NAT.
Paul
More information about the Users
mailing list