[Openswan Users] NAT for packets going into an openswan tunnel
Frank Wilson
frank.wilson at sidonis.com
Wed May 13 12:09:21 EDT 2009
I am using a 2.4 Linux kernel with the KLIPS ipsec stack.
The version of Openswan I am running is 2.4.6.
My local endpoint is meant to NAT local packets
before they go into the tunnel.
(I.e. leftsubnet=LOCAL_ENDPOINT/32)
The remote endpoint does not do any NAT for the remote
VPN hosts. There is no NAT between the endpoints.
I can ping remote VPN IPs from the local endpoint just fine.
However, I cannot ping remote VPN IPs from _other_ local machines
that use the local endpoint as a gateway for the remote
VPN subnet.
I had wondered whether this was a firewall rule, but it can't be
because I've just flushed all the chains, set default policies to ACCEPT
and have basic static SNAT.
Is there anything else I should try? I have a similar setup working with
Openswan 2.4 on a 2.6/NETKEY kernel.
Thanks,
Frank