[strongSwan] Colliding subnets, NETMAP and charon/pluto

Dennis Jacobfeuerborn dennisml at conversis.de
Fri Sep 12 17:33:01 CEST 2014

I've set up a couple of IPSEC tunnels using Strongswan so far and it
works great; however, now I've hit a little bump.
I need to set up a tunnel where the /24 subnets on both sides collide.
After some reading it seems that I need to set up an additional /24
subnet on my end which will be used as the subnet of the tunnel and then
use iptables NETMAP rules to NAT IPs from this "fake" subnet to the real
one and back.

Apparently the Strongswan RPM I'm using comes with a script
"_updown_espmark" that is supposed to do something like that but it
seems to have been written for the pluto daemon and its interfaces even
though Strongswan now comes with charon.

If the actual subnet I want to use is and the "fake" one for
NATing purposes is what iptables rules would I need to make
this work?
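As an added example (not part of the post above, and not strongSwan's own _updown script): a POSIX shell script that first checks the chosen "fake" subnet does not collide with either real subnet, then prints the two iptables NETMAP rules that pair with a charon connection using leftsubnet=FAKE and rightsubnet=REMOTE. The subnets are placeholders, since the post's actual values are not on the page; the `-m policy` match on the inbound rule is the xt_policy module, used because charon enforces policies in the kernel with no ipsecN interface to match on.

```shell
#!/bin/sh
# Added example: NETMAP rules for colliding /24 subnets with charon (policy-based IPsec).
# Usage: sh netmap.sh REAL FAKE REMOTE        (prints rules; pipe into sh as root to apply)

# Dotted quad -> integer (POSIX sh, no bashisms).
ip2int() {
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if two CIDRs (a.b.c.d/n) share at least one address.
cidr_overlap() {
  n1=$(ip2int "${1%/*}"); p1=${1#*/}
  n2=$(ip2int "${2%/*}"); p2=${2#*/}
  p=$p1; [ "$p2" -lt "$p" ] && p=$p2          # compare on the shorter prefix
  mask=$(( (0xffffffff << (32 - p)) & 0xffffffff ))
  [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

# Print rules for REAL (our LAN), FAKE (what the peer sees us as), REMOTE (peer LAN).
netmap_rules() {
  real=$1; fake=$2; remote=$3
  if cidr_overlap "$fake" "$remote" || cidr_overlap "$fake" "$real"; then
    echo "error: fake subnet $fake overlaps the real or remote subnet" >&2
    return 1
  fi
  # Outbound: after routing, rewrite our real source to the fake subnet. The kernel
  # re-runs the IPsec policy lookup after NAT, so the packet now matches leftsubnet=$fake.
  echo "iptables -t nat -A POSTROUTING -s $real -d $remote -j NETMAP --to $fake"
  # Inbound: decrypted packets re-enter PREROUTING with IPsec state attached; only those
  # (not clear-text packets addressed to the fake range) get mapped back to the real LAN.
  echo "iptables -t nat -A PREROUTING -s $remote -d $fake -m policy --dir in --pol ipsec -j NETMAP --to $real"
}

if [ "$#" -eq 3 ]; then netmap_rules "$@"; fi
```

Hosts on the remote side then address the fake range, and replies from the real LAN are mapped back before encryption; the two ends must agree on which side presents the fake subnet.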


