[strongSwan] PAT

Noel Kuntze noel at familie-kuntze.de
Fri Feb 26 22:08:54 CET 2016


Hello Sean,

strongSwan doesn't care about what you do with the traffic. It only negotiates the IKE_SA and CHILD_SAs.
What you do after they're established doesn't matter for strongSwan.

On 26.02.2016 22:07, Sean Courtney wrote:
> Hi Noel,
>
> I looked at the man for iptables-extensions. i guess i don't want
> netmap at all...i want snat. Does strongswan support snat?
>
> Thanks,
> Sean
>
> On Fri, Feb 26, 2016 at 3:54 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>> > Hello Sean,
>> >
>> > Please always send your email to the mailing list, too.
>> > The scenario only shows the *filter table of iptables, but NAT rules are in the *nat table.
>> > You need to look at the source of the scenario in the repository to see all the rules.
>> >
>> > It's really not that fancy. The iptables target is described on the man page for `iptables` or `iptables-extensions`.
>> >
>> >
>> > On 26.02.2016 21:42, Sean Courtney wrote:
>>> >> HI,
>>> >>
>>> >> I did look at the example outlined here before posting.
>>> >>
>>> >> https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/
>>> >>
>>> >> The example uses NETMAP to translate subnets into new subnets with the
>>> >> same subnet mask.
>>> >>
>>> >> I want to do PAT. Is there an example of NETMAP doing PAT? Can NETMAP do PAT?
>>> >>
>>> >> I must be overlooking something so obvious.
>>> >>
>>> >> Thanks
>>> >>
>>> >> On Fri, Feb 26, 2016 at 3:12 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>>>> >>> > Hello Sean,
>>>>> >>> >
>>>>>>> >>>> >> I really want to PAT my IPSEC'd subnets. Is there anyone to PAT an
>>>>>>> >>>> >> entire subnet with StrongSwan?
>>>>> >>> > Handling the traffic is done in the kernel.
>>>>> >>> > Use the NETMAP target in iptables and negotiate policies that secure the traffic between
>>>>> >>> > your desired subnet and the remote side.
>>>>> >>> >
>>>>> >>> > --
>>>>> >>> >
>>>>> >>> > Mit freundlichen Grüßen/Kind Regards,
>>>>> >>> > Noel Kuntze
>>>>> >>> >
>>>>> >>> > GPG Key ID: 0x63EC6658
>>>>> >>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>>>> >>> >
>>>>> >>> >
>>> >>
>>> >> -- Sean Courtney Ph - 410 878 7833
>> >
>> >
>> > --
>> >
>> > Mit freundlichen Grüßen/Kind Regards,
>> > Noel Kuntze
>> >
>> > GPG Key ID: 0x63EC6658
>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> >
>> >
>
> -- Sean Courtney Ph - 410 878 7833


-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160226/4b7c4c85/attachment.pgp>


More information about the Users mailing list