[strongSwan] NATing around a subnet conflict
Tom Rymes
trymes at rymes.com
Mon Sep 14 21:18:29 CEST 2020
Can anyone point me in the right direction to getting traffic routed
across a site-site tunnel in a scenario where there is a subnet conflict?
Basically, our local subnet (10.100.0.0/23) conflicts with one on the
remote side, so we need to use NAT to trick the other side into seeing
us as 10.100.0.252/23. We have configured the tunnel and brought it up
so that this is the output of "ipsec status tunnelname":
[root@myhost ~]# ipsec status tunnelname
Security Associations (53 up, 0 connecting):
tunnelname[6102]: ESTABLISHED 107 minutes ago, xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...yyy.yyy.yyy.yyy[yyy.yyy.yyy.yyy]
tunnelname{10971}: INSTALLED, TUNNEL, reqid 36, ESP SPIs: ced441ef_i 2dc9af95_o
tunnelname{10971}: 10.100.252.0/23 === 10.210.2.0/23
Now, I know that I need some SNAT/DNAT/????? magic to tell the local
machine where to send the traffic and how to translate it, but I'm in
over my head.
Any help and pointers to the appropriate documentation would be appreciated.
Many thanks,
Tom
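
The 1:1 subnet translation asked about above, as an added example that is not part of the original post: it computes how a host in the real LAN appears inside the tunnel and prints (dry run) the two iptables NETMAP rules that perform that mapping. Assumptions: the translated range is 10.100.252.0/23 as shown in the status output, the gateway uses iptables with the NETMAP target, and the function names are hypothetical.

```shell
#!/bin/sh
# Values taken from the "ipsec status" output in the post.
LOCAL_NET=10.100.0.0/23     # real LAN behind this gateway
MAPPED_NET=10.100.252.0/23  # how the LAN appears inside the tunnel (assumed)
REMOTE_NET=10.210.2.0/23    # remote traffic selector

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# map_addr ADDR FROM_NET TO_NET: the translation NETMAP applies, i.e. swap
# the network bits and keep the host bits. Fails if ADDR is outside FROM_NET.
map_addr() {
    addr=$(ip2int "$1")
    from=$(ip2int "${2%/*}")
    to=$(ip2int "${3%/*}")
    bits=${2#*/}
    [ "$bits" = "${3#*/}" ] || { echo "prefix lengths differ" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( from & mask )) ] || { echo "$1 not in $2" >&2; return 1; }
    int2ip $(( (to & mask) | (addr & ~mask & 0xFFFFFFFF) ))
}

# Print the NAT rules without applying them.
netmap_rules() {
    # Outbound: rewrite the source so the translated packet matches the
    # negotiated selector MAPPED_NET === REMOTE_NET. -I places the rule
    # ahead of any existing MASQUERADE/SNAT rule.
    echo "iptables -t nat -I POSTROUTING -s $LOCAL_NET -d $REMOTE_NET -j NETMAP --to $MAPPED_NET"
    # Inbound: decrypted packets addressed to the alias go to the real LAN.
    echo "iptables -t nat -I PREROUTING -s $REMOTE_NET -d $MAPPED_NET -j NETMAP --to $LOCAL_NET"
}

netmap_rules
echo "# 10.100.1.37 is seen by the peer as $(map_addr 10.100.1.37 "$LOCAL_NET" "$MAPPED_NET")"
```

Review the printed rules before running them as root on the gateway; "iptables -t nat -L -n -v" then shows per-rule packet counters once traffic flows.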