[Openswan Users] question about road-warrior setup with a natted gateway

Paul Wouters paul at xelerance.com
Sat Jun 27 00:54:48 EDT 2009

On Fri, 26 Jun 2009, Freeman Wang wrote:

> Now if I have a road warrior openswan VPN connection up, how can I make the traffic to the road warrior bypass the NAT filter rule and go to the eroute instead? I hope, at the same time, I can still let the rest of the private LAN use NAT when they are not talking to the road warrior.
> The configuration manual in the openswan wiki page suggests replacing the NAT rule with an exception for the peer subnet. But I won't know the peer address until the IPSec connection is up. (The same trick has been working fine for me for cases other than road warrior.)

Perhaps the easiest trick would be to run two VMs on the "gateway" machine
and have one VM do IPsec, and the next VM NAT.

