[Openswan Users] access to the remote ipsec connexion on localrouter

Paul Wouters paul at xelerance.com
Thu Apr 21 12:09:43 EDT 2011

On Thu, 21 Apr 2011, Jean-Francois Couture wrote:

> conn watchguard
>        auth=esp
>        type=tunnel
>        aggrmode=no
>        esp=3des-sha1
>        authby=secret
>        keyexchange=ike
>        keyingtries=0
>        pfs=no
>        auto=start
>        ike=3des-sha1-modp768
>        ikelifetime=8h
>        left=<Local external IP>
>        leftsubnet=

> I also need to add "leftsourceip=" to the watchguard connector? e.g.
> "leftsourceip="


> Do I need an iptables policy to let the local server see the remote tunnel?


> Btw, if you have some example on the iptables policy, I'm all ears ;-)

What leftsourceip= basically does is (top of my head, don't trust me on exact syntax)

ip route add src

Normally, a host picks the "nearest" IP to use as source, but the nearest IP for
you might not be the best pick (though in this case with NAT, it might be the same)
if it does not fall within leftsubnet=

So, I'm not entirely sure if this option will fix your case.
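The following script is an added illustration and is not from the thread or from Openswan itself. It spells out the two things discussed above: the kind of route with a "src" hint that leftsourceip= causes the updown script to install (syntax shown here is a plausible reconstruction, not copied from Openswan's _updown), and a minimal iptables policy of the sort the quoted message asks for. All addresses, the interface name eth0 and the default gateway are constructed placeholders; the functions only emit the commands, so the script can be read and tested without root, and APPLY=1 runs them.

```shell
#!/bin/sh
# Constructed example values (placeholders, not from the original thread).
LEFT_EXT=192.0.2.10        # left=            local external IP
LEFT_SUBNET=10.0.0.0/24    # leftsubnet=      local LAN behind the router
LEFT_SOURCEIP=10.0.0.1     # leftsourceip=    router's own LAN address
RIGHT_EXT=198.51.100.5     # right=           remote (watchguard) external IP
RIGHT_SUBNET=10.1.0.0/24   # rightsubnet=     LAN behind the watchguard
DEFAULT_GW=192.0.2.1       # assumed next hop on eth0

# Route of the form leftsourceip= makes the updown script add (reconstruction):
# the "src" hint tells the kernel which local address to use for packets the
# router itself originates towards the remote subnet, so they fall inside
# leftsubnet= and match the IPsec policy instead of leaving unencrypted.
sourceip_route() {
    printf 'ip route add %s via %s dev eth0 src %s\n' \
        "$RIGHT_SUBNET" "$DEFAULT_GW" "$LEFT_SOURCEIP"
}

# Diagnostic: ask the kernel which source address it would pick for a
# destination inside the remote subnet ("ip route get" prints "src ..." ).
route_check() {
    printf 'ip route get %s\n' "$1"
}

# Minimal iptables policy: allow IKE (500), NAT-T (4500) and ESP from the peer,
# forward only traffic that the kernel has already decapsulated from, or will
# encapsulate into, an IPsec SA (-m policy), and exempt tunnel traffic from
# MASQUERADE so the private source address survives (this nat rule must be
# inserted before any MASQUERADE rule).
ipsec_rules() {
    cat <<EOF
iptables -A INPUT -i eth0 -p udp -s $RIGHT_EXT --dport 500 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s $RIGHT_EXT --dport 4500 -j ACCEPT
iptables -A INPUT -i eth0 -p esp -s $RIGHT_EXT -j ACCEPT
iptables -A FORWARD -m policy --dir in --pol ipsec -s $RIGHT_SUBNET -d $LEFT_SUBNET -j ACCEPT
iptables -A FORWARD -m policy --dir out --pol ipsec -s $LEFT_SUBNET -d $RIGHT_SUBNET -j ACCEPT
iptables -t nat -I POSTROUTING 1 -s $LEFT_SUBNET -d $RIGHT_SUBNET -j ACCEPT
EOF
}

# Dry run by default; APPLY=1 executes the generated commands (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    sourceip_route | sh
    ipsec_rules | sh
else
    sourceip_route
    route_check 10.1.0.20
    ipsec_rules
fi
```

The FORWARD rules deliberately match on the IPsec policy rather than on addresses alone: a packet claiming a source inside 10.1.0.0/24 that arrived in the clear on eth0 is dropped, which address-only rules would not catch.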


