[strongSwan] NAT with IPsec on 2.6 kernel
Andreas Steffen
andreas.steffen at strongswan.org
Tue Jul 27 11:42:52 CEST 2010
Hello Frank,
starting with the Linux 2.6.16 kernel NAT before ESP is no problem.
You can either map your home network to the outer address of the
roadwarrior:
http://www.strongswan.org/uml/testresults44/ikev1/nat-before-esp/
or you can map it to the inner virtual IP address which the
roadwarrior gets via Configuration Payload (IKEv2) or ModeConfig
(IKEv1) from the remote VPN gateway:
http://www.strongswan.org/uml/testresults44/ikev2/nat-virtual-ip/
This NAT rule can be automatically inserted using a modified
updown script:
http://git.strongswan.org/?p=strongswan.git;a=blob;f=testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown;h=aab1df687484362b2c16eaf6bd30d05b3590520a;hb=HEAD
Best regards
Andreas
On 27.07.2010 09:02, Frank Liu wrote:
> Hi all,
>
> I have a setup like the picture shown here
> http://www.logix.cz/michal/devel/ipsec-tools/nat26.xp
> Home Linux 2.6.34 firewall runs Strongswan as roadwarrior. It can
> reach company network fine. How can I NAT the whole home network so
> that computers at home can talk to the company network?
>
> Thanks!
> Frank
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list