[Openswan Users] Openswan netkey

Randy Wyatt rwyatt at nvtl.com
Sat Nov 6 17:08:18 EDT 2010


You actually need to use iptables on the openswan box.

You need a rule similar to the following:
iptables -t nat -A POSTROUTING -s ! -d -j MASQUERADE

otherwise packets will be masqueraded.


-----Original Message-----
From: users-bounces at openswan.org on behalf of Andris Lismanis
Sent: Wed 11/3/2010 10:36 AM
To: users at openswan.org
Subject: [Openswan Users] Openswan netkey

I'm trying to set up an Openswan IPsec VPN. My setup is NATed at both ends as follows:

lan ----- (openswan)--adsl (nat-t)------internet------(nat-t)adsl---- rw

I have managed to successfully establish a tunnel between the NATed gateway and NATed roadwarrior. The problem I have is that I cannot ping each other or the subnet from rw. I don't use any iptables or any other firewall software on the gateway. The only ports open on the ADSL router are 500 and 4500 (UDP).

I have searched around Google for various examples but haven't come across anything that works. Can someone please advise?



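An added example, not part of the original thread: a check that reads `iptables-save` output and reports any nat POSTROUTING MASQUERADE/SNAT rule that does not exempt the remote subnet with `! -d`, which is the exemption the reply's rule describes. The function name `check_nat_exempt` and the subnets 192.168.1.0/24 and 10.8.0.0/24 are constructed placeholders; the subnet is compared literally as it appears in the rules.

```shell
#!/bin/sh
# check_nat_exempt REMOTE_SUBNET < iptables-save-output
# Exit 0 if every source-NAT rule in nat/POSTROUTING exempts REMOTE_SUBNET,
# exit 1 (and print the offending rules) otherwise.
check_nat_exempt() {
    awk -v remote="$1" '
        # Track which table we are in; only *nat is relevant.
        /^\*/ { in_nat = ($0 == "*nat"); next }
        !in_nat || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            target = ""; dst = ""; negated = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-d") { dst = $(i + 1); negated = ($(i - 1) == "!") }
            }
            # An earlier ACCEPT/RETURN for the remote subnet stops traversal,
            # so later NAT rules never see tunnel-bound packets.
            if ((target == "ACCEPT" || target == "RETURN") && dst == remote && !negated)
                bypass = 1
            if (target == "MASQUERADE" || target == "SNAT") {
                if (bypass) next                      # exempted by earlier rule
                if (dst == remote && negated) next    # exempted by "! -d REMOTE"
                # Conservative: anything else is reported for manual review.
                print "NAT may apply to tunnel traffic: " $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample dumps (placeholder subnets, not from the thread).
REMOTE="10.8.0.0/24"
SAMPLE_BAD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_GOOD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 ! -d 10.8.0.0/24 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_BAD"  | check_nat_exempt "$REMOTE" || echo "-> needs an exemption"
printf '%s\n' "$SAMPLE_GOOD" | check_nat_exempt "$REMOTE" && echo "-> tunnel traffic exempt"
```

On a live gateway the input would come from `iptables-save -t nat`, run as root.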