[Openswan Users] Two questions
Paul Wouters
paul at xelerance.com
Mon Nov 23 19:12:43 EST 2009
On Mon, 23 Nov 2009, smonti at microtrol.com.ar wrote:
> a) I've configured start=auto in ipsec.conf but when I reboot the machine,
it's auto=start
> b) I've configured iptables in order the packets flow between the LANs. The
> rules work fine but I have the following problem:
>
> - With the tunnel up: User on LAN A does ping to a user on LAN B and he
> receives the echo reply. It's OK.
You need to exclude NAT for lan-lan packets. Usually something like:

    iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j RETURN

(assuming this side is 192.168.1.0/24 and remote is 192.168.2.0/24)
You would have to do the same on the remote end (and swap the -s and -d arguments there).
Paul
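
A check for the exemption described in the reply above, as an added example that is not part of the original post: it reads `iptables -t nat -S POSTROUTING` output and confirms the lan-lan RETURN rule is reached before any MASQUERADE/SNAT rule, which is why the reply uses -I rather than -A. The function name, the eth0 interface and both rule listings are constructed for illustration; the check deliberately ignores other matches on the NAT rule, so it errs on the side of reporting a problem.

```shell
#!/bin/sh
# Added example, not from the original post.
# nat_exempt_ok LOCAL_NET REMOTE_NET   (hypothetical helper name)
# Reads `iptables -t nat -S POSTROUTING` output on stdin. Returns 0 if a
# RETURN/ACCEPT rule for LOCAL_NET -> REMOTE_NET is reached before any
# MASQUERADE/SNAT rule, 1 otherwise (rule missing, or placed too late).
nat_exempt_ok() {
    awk -v src="$1" -v dst="$2" '
        $1 != "-A" { next }                 # skip policy lines (-P ...)
        {
            s = ""; d = ""; j = ""
            for (i = 3; i < NF; i++) {
                neg = ($(i - 1) == "!")     # negated matches do not count
                if ($i == "-s" && !neg) s = $(i + 1)
                if ($i == "-d" && !neg) d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (s == src && d == dst && (j == "RETURN" || j == "ACCEPT")) {
                found = 1; exit             # exemption reached first
            }
            if (j == "MASQUERADE" || j == "SNAT") exit   # NAT rule reached first
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: exemption inserted with -I, so it sits above MASQUERADE.
SAMPLE_GOOD='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j RETURN
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE'

# Constructed sample: exemption appended with -A, below MASQUERADE.
SAMPLE_BAD='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j RETURN'

for name in GOOD BAD; do
    eval "rules=\$SAMPLE_$name"
    if printf '%s\n' "$rules" | nat_exempt_ok 192.168.1.0/24 192.168.2.0/24; then
        echo "$name: lan-lan traffic is exempt from NAT"
    else
        echo "$name: lan-lan traffic hits the NAT rule first"
    fi
done
```

On a live gateway the same function can be fed directly: `iptables -t nat -S POSTROUTING | nat_exempt_ok 192.168.1.0/24 192.168.2.0/24`, with the two networks swapped on the remote end.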