[Openswan Users] Routing through tunnel, how?

Morten Brix Pedersen morten at wtf.dk
Mon Sep 23 07:38:51 UTC 2013


Hi,

I have the following setup:

Side A (me):
Local ip: 172.x.x.x
Public ip: z.z.z.z

Side B (them):
Remote ip: y.y.y.y

They have assigned me address 10.131.x.x which I must NAT all traffic
through to get to server ip 131.x.x.x. My server only has one network
interface (eth0, with address 172.x.x.x).

So this is my configuration:

conn vpn
        authby=secret
        forceencaps=yes
        auto=start
        left=%defaultroute
        leftid=z.z.z.z
        leftsourceip=z.z.z.z
        leftsubnet=10.131.x.x/32
        right=y.y.y.y
        rightid=y.y.y.y
        rightsubnet=10.172.x.x/32
        phase2alg=aes256-sha1
        pfs=no

The VPN tunnel is established:

000 "vpn": 10.131.x.x/32===172.x.x.x[z.z.z.z]...y.y.y.y<y.y.y.y>===10.172.x.x/32; erouted; eroute owner: #3
000 "vpn":     myip=z.z.z.z; hisip=unset;
000 "vpn":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "vpn":   policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: eth0;
000 "vpn":   newest ISAKMP SA: #1; newest IPsec SA: #3;
000 "vpn":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "vpn":   ESP algorithms wanted: AES(12)_256-SHA1(2)_000; flags=-strict
000 "vpn":   ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000 "vpn":   ESP algorithm newest: AES_256-HMAC_SHA1; pfsgroup=<N/A>
000
000 #3: "vpn":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27560s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #3: "vpn" esp.86884638@y.y.y.y esp.a7324109@172.31.2.203 tun.0@y.y.y.y tun.0@172.31.x.x ref=0 refhim=4294901761
000 #1: "vpn":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2076s; newest ISAKMP; lastdpd=4s(seq in:0 out:0); idle; import:admin initiate


Now I must access server ip 131.x.x.x but NAT it through our assigned ip
address 1.131.x.x.

How can I do that?

Thanks.

 - Morten.