[Openswan Users] Cisco-using client wants me to send packets to non-routed networks across tunnel, how can I?

Paul Wouters paul at xelerance.com
Tue Apr 20 08:20:16 EDT 2010


On Mon, 19 Apr 2010, George Alexander wrote:

> I'm with 2.4.8-30.fc6/K2.4.8 (klips).
> Last week I brought up an ipsec tunnel with a client connecting my network (172.20.20.0/24) with his
> (10.100.100.30/32).
> Everything went fine.
> This week, I've come to find out, 10.100.100.30 is not the actual IP he wants me to send packets to.
> He wants me to send packets through the tunnel to 10.1.2.0/24 and somehow still have them go through the tunnel.
> I've connected with probably 20 clients and none of them do it this way -- and it seems to me there's not even a
> way to do it.  Even if I add a route via ip route/route in linux, I can only specify the interface (ipsec0) and
> then it still won't know which tunnel to go out because that network is unknown to Linux/OpenSWAN.
> 
> Is there something I'm missing or is this guy out of his mind?  He says he's connected with 6 other vendors with
> this funky method.

That usually involves NAT'ing it just before sending it to them. You'd update the tunnel
config to establish a tunnel with that NAT'ed IP range. It's a "poor man's avoiding IP
range overlaps" configuration. (e.g. they have more than one customer using the same NAT'ed
space so they add another layer of NAT)

Paul
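The setup Paul describes, written out as an added example that is not part of the thread: the destination 10.1.2.0/24 is rewritten 1:1 onto the range the remote end actually tunnels before the packet reaches the ipsec0 eroute, and the conn's rightsubnet is that NAT'ed range. 172.20.20.0/24 and 10.1.2.0/24 come from the question; the NAT'ed range 10.100.100.0/24, the conn name and the use of the iptables NETMAP target are assumptions (the /32 in the thread is a single host, so a /24 placeholder stands in for whatever range the customer hands out).

```shell
#!/bin/sh
# Added example, not from the thread.  Assumed: remote side un-NATs
# 10.100.100.0/24 (placeholder) back to its real 10.1.2.0/24; KLIPS, so ipsec0.
REAL_NET=10.1.2.0        # what the remote end wants us to address
NAT_NET=10.100.100.0     # placeholder: range that actually goes into the tunnel
PLEN=24
LOCAL_NET=172.20.20.0/24

ip2int() {
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# 1:1 NETMAP semantics: keep the host bits of $1, swap the network bits for NAT_NET.
# Handy for checking which address a given real host becomes before encryption.
netmap_addr() {
  hostmask=$(( (1 << (32 - PLEN)) - 1 ))
  natint=$(ip2int "$NAT_NET")
  realint=$(ip2int "$1")
  int2ip $(( (natint & ~hostmask) | (realint & hostmask) ))
}

# The two pieces Paul's reply calls for: DNAT before the tunnel, tunnel on the NAT'ed range.
emit_config() {
  cat <<EOF
# nat OUTPUT/PREROUTING run before routing, so the rewritten destination matches the
# eroute for $NAT_NET/$PLEN and leaves via ipsec0; conntrack undoes it on replies.
iptables -t nat -A OUTPUT     -d $REAL_NET/$PLEN -j NETMAP --to $NAT_NET/$PLEN
iptables -t nat -A PREROUTING -d $REAL_NET/$PLEN -j NETMAP --to $NAT_NET/$PLEN

# ipsec.conf (conn name is a placeholder)
conn customer-natted
    leftsubnet=$LOCAL_NET
    rightsubnet=$NAT_NET/$PLEN
    auto=start
EOF
}
```

Hosts on 172.20.20.0/24 keep addressing 10.1.2.x; only the copy that enters the tunnel carries the NAT'ed destination, which is why the tunnel policy never needs to know 10.1.2.0/24.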
