[Openswan Users] openswan and NAT
Neal Murphy
neal.p.murphy at alum.wpi.edu
Mon Aug 5 17:14:35 UTC 2013
> I need to set up a tunnel where I have been given a certain source address
> that my clients must come from. So I need to somehow NAT my clients'
> source address before entering the tunnel. I'm using amazon linux 3.4.37
> with openswan-2.6.37-2.15.
>
> I have tried using iptables, but to source NAT I had to use the POSTROUTING
> chain which means the packets are already encrypted. I attempted to use
> the PREROUTING chain but discovered SNAT is not allowed on the PREROUTING
> chain.
Correct. You DNAT the packet when it arrives; you SNAT the packet when it
leaves.

If you can use it, the KLIPS module should allow you to capture packets as
they arrive unencrypted; it uses a separate ipsecN IF for the tunnel.