[strongSwan] General Question about NFLOG
Thomas Will
thomas.will at xinux.de
Wed Sep 13 20:20:55 CEST 2017
Hello,
I have a general question about nflog.
When I establish a VPN connection like 192.168.200.0/24 - to - 192.168.44.0/24
and on my site there is an interface on the VPN gateway like 192.168.200.1, I am able
to capture the output decap traffic in nflog:5 with

    iptables -t mangle -I POSTROUTING -m policy --pol ipsec --dir out -j NFLOG --nflog-group 5

and

    tcpdump -ni nflog:5

But when I establish a VPN connection like 192.168.11.0/24 - to - 192.168.44.0/24
and my local subnet is still 192.168.200.0/24, so I have to SNAT my
subnet to 192.168.11.0/24 with

    iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -d 192.168.44.0/24 -o $WAN -j NETMAP --to 192.168.11.0/24

there is no route in table 220, and I am not able to capture the
decapsulated IPsec out traffic.
Is there any way to do this anyway?
regards
--
Thomas Will
Xinux e.K.
Wichernstrasse 18
66482 Zweibruecken
Registergericht
Amtsgericht Zweibruecken
HRA 1518
P: +49 6332 44040
F: +49 6332 899227
M: +49 170 5218548
M: +49 176 97497102
E: thomas.will at xinux.de
W: http://www.xinux.com