> From: Sven Golchert [mailto:no.golle.spam_at_informatik.uni-bremen.de]
> Sent: Saturday, 11 May 2002 1:12
> client -- masquerading --( inter )-- frees/wan -- protected
>           gateway        (  net  )   gateway      network
....
> iptables -t nat -A POSTROUTING -p udp --sport ! 500 \
>     -d $ipsecGatewayIP --dport 500 -j SNAT --to :500
....
> while on the client (left) side, you could simply put
> :
> : conn example
> :     left=%defaultroute
> :
> on the gateway (right) side you'd have to put
> :
> : conn example
> :     left=%any # left=$masqIP would also do
> :     leftsubnet=$clientIP/32 # this line is IMPORTANT
....
> my masquerading gateway (linux 2.2.19, ipchains).
....
> i shall shortly look into an environment with netfilter/iptables as
> masquerading gateway. it seems as if netfilter masquerades esp traffic
> without special precautions, and thus a workaround like outlined here
> could still be useful. opinions? i'd appreciate your comments.
I had this working once:
client: ebootis (W2k tool)
masq gateway: linux 2.4
freeswan gateway: linux 2.4, FreeSWAN with x509
I'm glad that more people are experimenting with that setting
because I had to postpone testing due to lack of a test environment.
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST