Re: [suse-security] VPN masquerading
Thanks for your help, but as far as I see these settings are for a VPN endpoint *at* the firewall (firewall == VPN server, otherwise I wouldn't have an ipsec0 interface (or am I missing something)). What I am trying to achieve is to forward the VPN to a masqueraded server (i.e. a server with a private IP address). The variant VPN server == firewall would work, but sadly is not an option for our configuration.
Sorry for misunderstanding your problem. As some of the follow-ups already describe, there are patches for the kernel and the freeswan sources to go through such a NATing gateway. I run such a patch that does what I expected. My working example goes as follows:

subnet1 --- priv.ip.addr.int:priv.ip.addr.ext--------priv.ip.addr.int:public.ip.addr.ext :-----
LAN___________IPSEC-ROUTER_______________NAT_ROUTER_____

public.ip.addr.ext:priv.ip.addr.int:-----------subnet2
__IPSEC_ROUTER__________________LAN

I chose:
kernel 2.4.18 from ftp.kernel.org
freeswan 1.97 from ftp.xs4all.nl
and patch from http://open-source.arkoon.net/

and all works fine after some hours :O)

Yours
Michael