[strongSwan] NATing around a subnet conflict

Tom Rymes trymes at rymes.com
Mon Sep 14 21:18:29 CEST 2020

Can anyone point me in the right direction to getting traffic routed 
across a site-site tunnel in a scenario where there is a subnet conflict?

Basically, our local subnet ( conflicts with one on the 
remote side, so we need to use NAT to trick the other side into seeing 
us as We have configured the tunnel and brought it up 
so that this is the output of "ipsec status tunnelname"

[root at myhost ~]# ipsec status tunnelname
Security Associations (53 up, 0 connecting):
tunnelname[6102]: ESTABLISHED 107 minutes ago, 
tunnelname{10971}:  INSTALLED, TUNNEL, reqid 36, ESP SPIs: ced441ef_i 
tunnelname{10971}: ===

Now, I know that I need some SNAT/DNAT/????? magic to tell the local 
machine where to send the traffic and how to translate it, but I'm in 
over my head.

Any help and pointers to the appropriate documentation would be appreciated.

Many thanks,


More information about the Users mailing list