[Openswan Users] NAT for packets going into an openswan tunnel

Frank Wilson frank.wilson at sidonis.com
Wed May 13 12:09:21 EDT 2009

I am using a 2.4 linux kernel with the KLIPS ipsec stack.
The version of openswan I am running is 2.4.6 .

My local endpoint is meant to NAT local packets
before they reach go into the tunnel. 
(I.e. leftsubnet=LOCAL_ENDPOINT/32) 
The remote endpoint does not do any NAT for the remote 
VPN hosts. There is no NAT between the endpoints.

I can ping remote VPN IPs from the local endpoint just fine.
However, I cannot ping remote VPN IPs from _other_ local machines
that use that use local endpoint as a gateway for the remote 
VPN subnet.

I had wondered whether this was a firewall rule, but it can't be
because I've just flushed all the chains, set default policies to ACCEPT 
and have basic static SNAT.

Is there anything else I should try? I have a similar setup working with
Openswan 2.4 on a 2.6/NETKEY kernel.



More information about the Users mailing list