[Openswan Users] Other side needs different IP / netkey

Tiago Durante tiagodurante at gmail.com
Thu Mar 4 14:06:05 EST 2010

Hi guys,

Thanks for the reply.

Paul, by renumbering you mean really change my network's IP? I don't
think I can do that.

I set a machine behind the FW to SNAT traffic from to So I've this:

not_firewall# iptables -t nat -A POSTROUTING -s -d -j SNAT --to

And if I ping from this machine I've no reply. However looking at the
FW I can see that the traffic is being sent to the tunnel and it's
sending me a reply, check:

FW# tcpdump -n -i eth1 host THEIR_IP
15:34:12.130006 IP MY_IP > THEIR_IP: ESP(spi=0x30894c8f,seq=0x37a), length 116
15:34:12.366033 IP THEIR_IP > MY_IP: ESP(spi=0xbef6cd6d,seq=0x37a), length 116
15:34:13.138215 IP MY_IP > THEIR_IP: ESP(spi=0x30894c8f,seq=0x37b), length 116
15:34:13.374256 IP THEIR_IP > MY_IP: ESP(spi=0xbef6cd6d,seq=0x37b), length 116
15:34:14.146407 IP MY_IP > THEIR_IP: ESP(spi=0x30894c8f,seq=0x37c), length 116
15:34:14.382527 IP THEIR_IP > MY_IP: ESP(spi=0xbef6cd6d,seq=0x37c), length 116

Any tip? I'm really stuck with this tunnel... It was so much easier
when I had the ipsecX interface, can't understand why it's gone :(

Thank you very much guys!



On Thu, Mar 4, 2010 at 3:45 AM, Tuomo Soini <tis at foobar.fi> wrote:
>> You really just want to renumber. really. Trust me.
> And because you don't want to renumber again don't renumber to
> Use something like this bash command to generate your new
> network:
> echo 10.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).0/24
> --
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>

Tiago Durante

Perseverance is the hard work you do after you
get tired of doing the hard work you already did.
-- Newt Gingrich
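
An added example, not part of the original message or of Openswan: a small Python parser for tcpdump ESP lines like the ones quoted above. It tallies packets and sequence-number progress per SPI and direction, to confirm that ESP is seen both ways on the firewall's outside interface. The function names are hypothetical, and the input is the capture from the message with the poster's own MY_IP / THEIR_IP placeholders.

```python
import re

# Capture lines copied from the tcpdump output in the message above
# (MY_IP / THEIR_IP are the poster's own placeholders).
CAPTURE = """\
15:34:12.130006 IP MY_IP > THEIR_IP: ESP(spi=0x30894c8f,seq=0x37a), length 116
15:34:12.366033 IP THEIR_IP > MY_IP: ESP(spi=0xbef6cd6d,seq=0x37a), length 116
15:34:13.138215 IP MY_IP > THEIR_IP: ESP(spi=0x30894c8f,seq=0x37b), length 116
15:34:13.374256 IP THEIR_IP > MY_IP: ESP(spi=0xbef6cd6d,seq=0x37b), length 116
15:34:14.146407 IP MY_IP > THEIR_IP: ESP(spi=0x30894c8f,seq=0x37c), length 116
15:34:14.382527 IP THEIR_IP > MY_IP: ESP(spi=0xbef6cd6d,seq=0x37c), length 116
"""

ESP_LINE = re.compile(
    r"^\S+ IP6? (?P<src>\S+) > (?P<dst>\S+): "
    r"ESP\(spi=0x(?P<spi>[0-9a-fA-F]+),seq=0x(?P<seq>[0-9a-fA-F]+)\), length \d+"
)

def summarize_esp(text):
    """Group ESP packets by (src, dst, SPI) and record sequence-number progress."""
    flows = {}
    for line in text.splitlines():
        m = ESP_LINE.match(line.strip())
        if not m:
            continue  # not an ESP line (IKE, ARP, cleartext, ...)
        key = (m["src"], m["dst"], int(m["spi"], 16))
        seq = int(m["seq"], 16)
        f = flows.setdefault(key, {"packets": 0, "first": seq, "last": seq, "gaps": 0})
        if f["packets"] and seq != f["last"] + 1:
            f["gaps"] += 1  # sequence did not advance by exactly one
        f["packets"] += 1
        f["last"] = seq
    return flows

def bidirectional(flows, local, remote):
    """Return (both_ways, packets_out, packets_back) for one pair of peers."""
    out = sum(f["packets"] for (s, d, _), f in flows.items() if (s, d) == (local, remote))
    back = sum(f["packets"] for (s, d, _), f in flows.items() if (s, d) == (remote, local))
    return out > 0 and back > 0, out, back

if __name__ == "__main__":
    flows = summarize_esp(CAPTURE)
    for (src, dst, spi), f in flows.items():
        print(f"{src} -> {dst} spi=0x{spi:08x} packets={f['packets']} "
              f"seq=0x{f['first']:x}..0x{f['last']:x} gaps={f['gaps']}")
    print(bidirectional(flows, "MY_IP", "THEIR_IP"))
```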
