[Openswan Users] change to NAT rules so public IP address of openswan boxes accessible from remote LAN?
Paul Wouters
paul at xelerance.com
Mon Jan 10 21:02:46 EST 2011
On Mon, 10 Jan 2011, M B wrote:
> I have the following setup:
>
> LAN-WC-------------OpenSwan----------INTERNET------------OpenSwan------------LAN-EC
> 192.168.0.X                                                                  192.168.10.X
>
> Currently I'm unable to ping either of the public IP addresses on the openswan VPN boxes (both have public IPs)
> from the remote LAN. It looks like this is due to the openswan box also being the default gateway for the
> respective LAN clients; therefore the LAN source IPs are not being NAT'd, resulting in an unroutable source
> IP address arriving at the public interface of the other openswan box. How can I fix this on the openswan
> boxes? Can I force traffic from each local LAN to the public IP of the other side's openswan system to be
> NAT'd? thx-
The public IP is not part of the subnet-subnet tunnel, which only covers internal IPs.
You will need to add an IPsec tunnel for subnet-publicip for each end.
If you want the gateways themselves to access the remote LAN with the internal IPs,
you can use leftsourceip/rightsourceip set to their internal IP.
Paul
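The following ipsec.conf fragment is an added illustration of Paul's answer, not configuration posted in this thread or shipped by the Openswan project. The public addresses (203.0.113.10 for the WC gateway, 198.51.100.20 for the EC gateway), the gateways' LAN addresses (.1 in each subnet) and the connection names are assumed placeholders; only the two LAN ranges come from the original question. It keeps the existing subnet-to-subnet tunnel, adds the two subnet-to-public-IP tunnels Paul describes, and sets leftsourceip/rightsourceip so each gateway originates its own traffic from its internal address.

```ini
# Added example (not from the thread): ipsec.conf for the WC <-> EC setup.
# Assumed placeholder addresses:
#   WC gateway: public 203.0.113.10, LAN 192.168.0.0/24  (gateway LAN address 192.168.0.1)
#   EC gateway: public 198.51.100.20, LAN 192.168.10.0/24 (gateway LAN address 192.168.10.1)
config setup
        protostack=netkey

# Settings shared by every conn below. Openswan decides which side is "left"
# by matching the local address, so this file can be used unchanged on both gateways.
conn %default
        left=203.0.113.10
        right=198.51.100.20
        authby=secret
        auto=start

# Existing subnet-to-subnet tunnel: only the internal LANs are selectors here,
# so packets addressed to either public IP never match it.
conn wc-lan-to-ec-lan
        leftsubnet=192.168.0.0/24
        rightsubnet=192.168.10.0/24
        # When a gateway itself talks to the remote LAN, use its internal IP as source
        # so the reply comes back through the tunnel instead of over the public path.
        leftsourceip=192.168.0.1
        rightsourceip=192.168.10.1

# Added tunnel: WC LAN hosts reaching the EC gateway's public address.
# rightsubnet is the remote host itself (/32), i.e. a subnet-to-host tunnel.
conn wc-lan-to-ec-public
        leftsubnet=192.168.0.0/24
        rightsubnet=198.51.100.20/32

# Mirror tunnel: EC LAN hosts reaching the WC gateway's public address.
conn ec-lan-to-wc-public
        leftsubnet=203.0.113.10/32
        rightsubnet=192.168.10.0/24
```

After adding the conns on both ends, bring them up with `ipsec auto --up wc-lan-to-ec-public` (and the mirror) and confirm with `ipsec auto --status` that the new selectors appear as established tunnels. Because the public IPs are now inside IPsec policy, no NAT of LAN sources is needed: the packets from 192.168.0.X to 198.51.100.20 are encapsulated rather than routed in the clear with an unroutable source address.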