[strongSwan] Tunnel traffic transparently through roadwarrior connection
Tobias Brunner
tobias at strongswan.org
Wed Jun 29 12:20:09 CEST 2016
Hi Boris,
> -A POSTROUTING -o wlan_cli -j MASQUERADE
Your MASQUERADE rule probably NATs the traffic to the physical IP, so it
won't match the outbound IPsec policies (VIP -> 0.0.0.0/0) and therefore
is not tunneled. If you want to actually NAT to the virtual IP then you
have to install an SNAT rule in a customized updown script like in the
ikev2/nat-virtual-ip scenario [1] (script at [2]).
Regards,
Tobias
[1] https://www.strongswan.org/testing/testresults/ikev2/nat-virtual-ip/
[2] https://git.strongswan.org/?p=strongswan.git;a=blob;f=testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown;hb=HEAD
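
An added example, not part of the original message and not the nat_updown script linked at [2]: a minimal updown hook that installs the SNAT-to-virtual-IP rule described above, so forwarded traffic matches the VIP -> 0.0.0.0/0 policy. Assumptions: LAN_NET (a constructed subnet behind the client), the helper name nat_cmd, and that both the host and client verbs should be handled; the PLUTO_* variables are the ones strongSwan exports to updown scripts.

```shell
#!/bin/sh
# Added example updown hook: SNAT forwarded LAN traffic to the virtual IP so it
# matches the outbound IPsec policy (VIP -> 0.0.0.0/0).
# LAN_NET is an assumed, constructed value: the subnet behind this client.
LAN_NET="${LAN_NET:-192.168.50.0/24}"

# nat_cmd VERB IFACE VIP
# Prints the iptables command for the event, or nothing if no rule applies.
nat_cmd() {
    verb=$1 iface=$2 vip=$3
    # No virtual IP or interface: nothing to translate to, leave NAT alone.
    [ -n "$vip" ] && [ -n "$iface" ] || return 0
    case "$verb" in
        up-host|up-client)     op="-I POSTROUTING 1" ;;  # ahead of MASQUERADE
        down-host|down-client) op="-D POSTROUTING" ;;    # remove the same rule
        *) return 0 ;;
    esac
    echo "iptables -t nat $op -s $LAN_NET -o $iface -j SNAT --to-source $vip"
}

# strongSwan exports the PLUTO_* variables when it calls the script; when
# PLUTO_VERB is unset (e.g. the file is sourced) nothing is executed.
if [ -n "${PLUTO_VERB:-}" ]; then
    cmd=$(nat_cmd "$PLUTO_VERB" "${PLUTO_INTERFACE:-}" "${PLUTO_MY_SOURCEIP:-}")
    if [ -n "$cmd" ]; then
        $cmd
    fi
fi
```

The rule is inserted at position 1 so it is evaluated before an existing MASQUERADE rule on the same interface, and the down event deletes exactly the rule the up event added.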