[Openswan Users] Other side needs different IP / netkey
Paul Wouters
paul at xelerance.com
Fri Mar 5 16:36:16 EST 2010
On Thu, 4 Mar 2010, Tiago Durante wrote:
> Paul, by renumbering you mean really change my networks IP? I don't
> think I can do that.
Yes. You should reconsider strongly renumbering.....
> I set a machine behind the FW to SNAT traffic from 192.168.1.0/24 to
> 10.2.2.0/24. So I've this:
>
> not_firewall# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d
> 10.1.1.0/24 -j SNAT --to 10.2.2.254
I meant NATing 10.1.1.x/24 to 10.2.2.x/24. E.g. a one-to-one mapping, not a
one-to-many mapping. That way, you can reverse the mapping again.
> Any tip? I'm really stuck with this tunnel... It was so much easier
> when I had the ipsecX interface, can't understand why it's gone :(
Talk to the kernel people why they picked an old KAME/BSD design :(
You can still compile the KLIPS ipsec stack and use that instead of NETKEY.
Paul
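
Added example (not part of the original message and not Openswan code): a Python model of the difference described above between a one-to-one prefix mapping, the kind of translation iptables' NETMAP target performs, and the quoted SNAT to the single address 10.2.2.254. The function names are assumptions made for this illustration; the addresses are the ones in the thread.

```python
import ipaddress

def map_one_to_one(addr, src_net, dst_net):
    """Swap the network part of addr from src_net to dst_net, keeping the host bits."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("one-to-one mapping needs equal prefix lengths")
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_bits = int(ip) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))

def map_many_to_one(addr, src_net, to_addr):
    """Model of 'SNAT --to <one address>': every source ends up as to_addr."""
    if ipaddress.ip_address(addr) not in ipaddress.ip_network(src_net):
        raise ValueError(f"{addr} is not inside {src_net}")
    return to_addr

def build_table(src_net, translate):
    """Translate every usable host address in src_net."""
    return {str(h): translate(str(h)) for h in ipaddress.ip_network(src_net).hosts()}

def is_reversible(table):
    """A mapping can be undone statelessly only if no two originals collide."""
    return len(set(table.values())) == len(table)

# One-to-one: 10.1.1.x <-> 10.2.2.x, as suggested in the reply.
ONE_TO_ONE = build_table(
    "10.1.1.0/24", lambda a: map_one_to_one(a, "10.1.1.0/24", "10.2.2.0/24"))

# Many-to-one: the SNAT rule quoted in the message (192.168.1.0/24 -> 10.2.2.254).
MANY_TO_ONE = build_table(
    "192.168.1.0/24", lambda a: map_many_to_one(a, "192.168.1.0/24", "10.2.2.254"))

if __name__ == "__main__":
    there = map_one_to_one("10.1.1.37", "10.1.1.0/24", "10.2.2.0/24")
    back = map_one_to_one(there, "10.2.2.0/24", "10.1.1.0/24")
    print("one-to-one:", "10.1.1.37 ->", there, "->", back)
    print("one-to-one reversible:", is_reversible(ONE_TO_ONE))
    print("SNAT to single address reversible:", is_reversible(MANY_TO_ONE))
```

With the single-address SNAT, the translated address alone no longer identifies the original host, so the mapping can only be undone per connection by state tracking, not by a fixed reverse rule.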