[Openswan Users] Source NATTING IPSEC traffic

Duane Mulder duanemulder at rattyshack.ca
Fri Aug 20 12:02:34 EDT 2010


Hello All,
So I am looking to change the source IP address of traffic that is
destined to go through an IPSEC tunnel.

10.41.0.0 -------[IPSECA]===================[IPSEC_B]------10.68.0.0

What I need to do is SNAT the 10.42.0.0 hosts to a single IP address, i.e.
10.52.1.1

This means that hosts on the 10.68.0.0 [IPSEC_B] side see traffic coming
from 10.52.1.1 only and not from any 10.41.0.0 address range on the
IPSEC_A side. I understand this also means that hosts from IPSEC_B

Is this something that can be added into /etc/ipsec.conf, or do I need to
do some trickery with iptables? Something like
iptables -t nat -A prerouting -d 10.68.0.0/24 -j NETMAP to 10.52.1.1


Running on Kernel 2.6.24 Ubuntu Hardy.

regards,
Duane

