[Openswan Users] Source NATTING IPSEC traffic

Duane Mulder duanemulder at rattyshack.ca
Fri Aug 20 12:02:34 EDT 2010

Hello All
So I am looking to change the source IP address of traffic that is
destined to go through an IPSEC tunnel. -------[IPSECA]===================[IPSEC_B]------

What  I need to do is SNAT the hosts to a single IP address ie

This means that hosts on the [IPSEC_B] side see traffic coming
from only and not from any address range on the
IPSEC_A side. I understand this also means that hosts from IPSEC_B

Is this something that can be added into /etc/ipsec.conf or do I need to
do some trickery with iptables. Something like
iptables -t nat -A prerouting -d -j NETMAP to

Running on Kernel 2.6.24 Ubuntu Hardy.


More information about the Users mailing list