[Openswan Users] NAT for packets going into an openswan tunnel
frank.wilson at sidonis.com
Fri May 15 04:43:20 EDT 2009
Thanks for your reply. In fact, all I needed to do was
modify some default firewall rules that came with my distro.
I needed to explicitly FORWARD traffic from my LAN interface
to the ipsec interface as well as doing the NAT (I'm using
With NETKEY, if you have the leftsubnet limited to just the
vpn gateway (i.e. leftsubnet=VPN_GATEWAY_IP/32), then as long
as you have /proc/sys/net/ipv4/ip_forward = 1 it will automatically
forward and NAT any packets from machines that are using
the openswan host as a gateway for the remote network. If you
are having difficulty setting this up I can give you an example
From: Tiago Durante [mailto:tiagodurante at gmail.com]
Sent: 13 May 2009 21:16
To: Frank Wilson
Subject: Re: [Openswan Users] NAT for packets going into an openswan tunnel
On Wed, May 13, 2009 at 12:09 PM, Frank Wilson <frank.wilson at sidonis.com>
> Is there anything else I should try? I have a similar setup working with
> Openswan 2.4 on a 2.6/NETKEY kernel.
-- Sorry to reply with another question, but how do you do it using NETKEY?
When I'm using KLIPS I found it quite easy to NAT the packages... All I
do is something like that:
iptables -t nat -A POSTROUTING -s $myLAN -o ipsec0 -d $someVPN -j SNAT
But when I'm using NETKEY I've no idea how to do that as the NETKEY
doesn't create the ipsecX interface... right?
Perseverance is the hard work you do after you
get tired of doing the hard work you already did.
-- Newt Gingrich
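
The NETKEY setup discussed in this thread, written out as explicit rules (an added example, not from either poster): because NETKEY creates no ipsecX interface, the SNAT rule matches on the destination subnet instead of `-o ipsec0` and rewrites the source to the single address given in leftsubnet. The interface name, subnets and gateway address are constructed placeholders, the FORWARD rules are one assumed way to write the forwarding the post mentions, and the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not apply) rules for NAT into a NETKEY tunnel.
# Every address and interface name used here is a constructed placeholder.

# Usage: netkey_nat_rules LAN_IF LAN_NET REMOTE_NET GW_IP
#   LAN_IF     interface facing the LAN clients
#   LAN_NET    LAN subnet whose hosts route via this gateway
#   REMOTE_NET subnet on the far side of the tunnel (rightsubnet)
#   GW_IP      the address used in leftsubnet=GW_IP/32
netkey_nat_rules() {
    lan_if=$1
    lan_net=$2
    remote_net=$3
    gw_ip=$4

    # SNAT needs one source address. It has to be the leftsubnet /32 host,
    # otherwise the translated packet matches no IPsec policy and leaves
    # the gateway unencrypted.
    case $gw_ip in
        ''|*/*)
            echo "GW_IP must be a bare address, not a subnet" >&2
            return 1
            ;;
    esac

    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $lan_if -s $lan_net -d $remote_net -j ACCEPT
iptables -A FORWARD -o $lan_if -s $remote_net -d $lan_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -d $remote_net -j SNAT --to-source $gw_ip
EOF
}

# Dry run with constructed values; review the output before piping it to sh.
netkey_nat_rules eth1 192.168.1.0/24 10.20.0.0/16 203.0.113.10
```

Limiting the SNAT rule with `-d` keeps ordinary Internet-bound traffic from the LAN out of the translation, which is the job `-o ipsec0` did under KLIPS.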