[Openswan Users] Double-NAT troubles

Arne Wichmann aw at linux.de
Wed Apr 21 15:52:51 EDT 2010


I am trying to connect to a peer network which is using address ranges
similar to ours. To be able to communicate, I NAT both our networks to an
alternate range. Communication with the other side is facilitated using
IPsec using Openswan on our side.

My first experiments using

iptables -t nat -A PREROUTING -d -j NETMAP --to

showed that the packets seem to leave the machine without encapsulation.
Without this line packets to 11.0.0.x are encapsulated. This seems to
indicate that I have misunderstandings about the interactions between
iptables and openswan/ipsec. Could someone please enlighten me as to which
steps are taken in which order in iptables and ipsec in the kernel, respectively?

Maybe this would give me an idea how to proceed with the ensuing Source-NAT
parts and the other direction.


Arne Wichmann, Oberföhringer Straße 242a, 81925 München