[Openswan Users] Other side needs different IP / netkey

Paul Wouters paul at xelerance.com
Fri Mar 5 16:36:16 EST 2010

On Thu, 4 Mar 2010, Tiago Durante wrote:

> Paul, by renumbering you mean really change my network's IP? I don't
> think I can do that.

Yes. You should reconsider strongly renumbering.....

> I set a machine behind the FW to SNAT traffic from to
> So I've this:
> not_firewall# iptables -t nat -A POSTROUTING -s -d
> -j SNAT --to

I meant NATing 10.1.1.x/24 to 10.2.2.x/24. E.g. a one-to-one mapping, not a
one-to-many mapping. That way, you can reverse the mapping again.

> Any tip? I'm really stuck with this tunnel... It was so much easier
> when I had the ipsecX interface, can't understand why it's gone :(

Talk to the kernel people why they picked an old KAME/BSD design :(

You can still compile the KLIPS ipsec stack and use that instead of NETKEY.
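
Added example, not part of the original message: a dry-run sketch of the one-to-one 10.1.1.x/24 to 10.2.2.x/24 mapping described above, showing that keeping the host octet makes the translation reversible. It assumes the iptables NETMAP target as the mechanism (the message does not name one) and uses 203.0.113.0/24 as a constructed placeholder for the other side's subnet; the rules are only printed, never applied.

```shell
#!/usr/bin/env bash
# 10.1.1.0/24 and 10.2.2.0/24 are the ranges from the message.
# REMOTE_NET is a constructed placeholder for the peer's subnet.
REAL_NET="10.1.1.0/24"
MAPPED_NET="10.2.2.0/24"
REMOTE_NET="203.0.113.0/24"

# Translate one host address between two /24 prefixes, keeping the host octet.
# Usage: map_addr <addr> <from a.b.c.0/24> <to a.b.c.0/24>
# Fails (non-zero, no output) if <addr> is not inside the <from> prefix.
map_addr() {
    local addr="$1"
    local from="${2%.*}"      # "10.1.1.0/24" -> "10.1.1"
    local to="${3%.*}"
    local host="${addr##*.}"  # last octet
    case "$host" in ''|*[!0-9]*) return 1 ;; esac
    [ "${addr%.*}" = "$from" ] && [ "$host" -le 255 ] || return 1
    printf '%s.%s\n' "$to" "$host"
}

# A mapping is reversible if forward then backward returns the original.
# A one-to-many SNAT (--to <single address>) cannot pass this check, because
# every source collapses to one address and the host octet is lost.
roundtrip_ok() {
    local out back
    out=$(map_addr "$1" "$REAL_NET" "$MAPPED_NET") || return 1
    back=$(map_addr "$out" "$MAPPED_NET" "$REAL_NET") || return 1
    [ "$back" = "$1" ]
}

# Rule pair for review: outbound rewrites the source into the mapped range,
# inbound rewrites the destination back. NETMAP preserves the host bits.
netmap_rules() {
    printf 'iptables -t nat -A POSTROUTING -s %s -d %s -j NETMAP --to %s\n' \
        "$REAL_NET" "$REMOTE_NET" "$MAPPED_NET"
    printf 'iptables -t nat -A PREROUTING -s %s -d %s -j NETMAP --to %s\n' \
        "$REMOTE_NET" "$MAPPED_NET" "$REAL_NET"
}

netmap_rules
for h in 10.1.1.1 10.1.1.57 10.1.1.254; do
    printf '%s -> %s\n' "$h" "$(map_addr "$h" "$REAL_NET" "$MAPPED_NET")"
done
```

With a mapping like this, the subnet presented to the other side is the mapped range, not the real one.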

