[strongSwan] iptables rule for masquerading
Noel Kuntze
noel at familie-kuntze.de
Thu Jan 24 23:25:20 CET 2013
Hello,

I need to masquerade the traffic coming out of the tunnel with the
subnet 172.16.19.0/24, but the simple rule
"iptables -t nat -A POSTROUTING -s 172.16.19.0/24 -o eth0 -j MASQUERADE"
doesn't work for some reason.
It would be nice to know what I'm doing wrong here and what the correct
rule would be.

Sincerely,
Noel Kuntze

config:

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=3
    keyexchange=ikev2
    esp=aes256-sha256
    ike=aes256-sha256-modp2048
    tfc=%mtu
    dpdaction=restart
    dpddelay=10
    dpdtimeout=60

conn home
    leftfirewall=yes
    lefthostaccess=yes
    left=<the private ip of the server>
    leftsubnet=<my private subnet>
    leftid=<my dns name>
    leftcert=strongswan.pem
    leftdns=<the private ip of the server>
    rightsourceip=172.16.19.0/24
    auto=add
    rightca=<CA DN>
    right=%any
    rightallowany=yes