[Openswan Users] change to NAT rules so pulic IP address of openswan boxes accessible from remote LAN?
sf1882 at gmail.com
Mon Jan 10 23:27:45 EST 2011
in looking over my ipsec.conf i forgot that i already had changed it as i
have multiple subs on the right side. so, it actually looks like this:
this being the case wouldn't my last connection enty cover the left LAN to
public IP of right hand side? and yes, the 69.X.X.X is the pub IP of the
lefthand openswan box and the 173.X.X.X is the pub of the right hand
On Mon, Jan 10, 2011 at 8:10 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Mon, 10 Jan 2011, M B wrote:
> ok.. so, if the public IP address is not part of the tunnel why are the
>> openswan boxes sending packets to the pub IPs across the tunnel?
> It is part of the tunnel, but not in a regular way.
> here's my connection for the subnet-subnet tunnel:
>> conn LANWC-TO-LANEC
> if your openswan box does not have either 69.105.X.X or 173.12.X.X
> configured on the box
> itself, this will not work. You need to define your end by its local ip.
> what would i need to add to setup the subnet-public IP connection?
>> something like:
>> conn LANWC-TO-ECPUB
> If you need the /29 then yes. If you just need the one IP, and it is the
> same as right
> itself, you can just leave out rightsubnet=
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users