Take a look at OUTGOING NETWORK ADDRESS TRANSLATION in ipsec.conf(5).
On 2010-01-16, Mihajlo Manojlov <[email protected]> wrote:
> Hello everybody,
>
> is there any way to route traffic between two ipsec tunnels, like in this
> example:
>
> Lan1---|Router1|--Wan1---|INTERNET|---Wan2---|Router2|---Lan2
>            |
>          Wan3
>            |
>        |Router3|
>            |
>          Lan3
>
> Router1 is at company's headquarters, Router2 is at remote office and Router3
> is a customer.
> Headquarters' Lan1 is connected to remote office's Lan2 and customer's Lan3
> over an IPSec tunnel.
> Lan1 <--IPSec--> Lan2
> Lan1 <--IPSec--> Lan3
>
> I would like to allow communication between remote office's Lan2 to
> customer's Lan3 over the Router1.
> Lan2 <--IPSec - Router1 - IPSec --> Lan3
>
> In Linux, I would just add one more tunnel from remote office's Wan2 to
> headquarters' Wan1 with Lan2 and customer's Lan3 defined as SA's.
> Then I would tell iptables to nat everything from Lan2 to Lan3 --> Lan1 IP.
> Request would come from Lan2 to Lan3 over second defined tunnel between
> Router2 and Router1 and there it would be NAT-ed to Lan1 IP and sent forward
> to Lan3 over the existing tunnel between Router1 and Router3.
>
> Can I do that with pf and isakmpd ?
>
> Thank you very much
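To make the pointer to ipsec.conf(5) concrete, here is how the poster's hub-and-spoke design maps onto Router1's ipsec.conf and pf.conf. This is a constructed example added to the thread, not something from the reply or from OpenBSD's documentation. The addresses are documentation ranges (Lan1 192.168.1.0/24, Lan2 192.168.2.0/24, Lan3 192.168.3.0/24, and the three WAN addresses) chosen for the example, and the pf syntax is the `match ... nat-to` form introduced in OpenBSD 4.7; on the 4.6 release current when the thread was written the same translation was a `nat on enc0 ... ->` rule. The parenthesised `(srcnat)` form of the `ike` rule is the one ipsec.conf(5) documents under OUTGOING NETWORK ADDRESS TRANSLATION; that a srcnat rule can sit next to the plain Lan1-to-Lan3 rule for the same peer is an assumption to check on the release in use.

```conf
# --- Router1: /etc/ipsec.conf (hub at headquarters) ---
# Constructed example; addresses are documentation ranges, not the poster's.
lan1="192.168.1.0/24"
lan2="192.168.2.0/24"
lan3="192.168.3.0/24"
wan1="203.0.113.1"     # Router1 external address
wan2="198.51.100.2"    # Router2 external address
wan3="192.0.2.3"       # Router3 external address

# The two tunnels the poster already has.
ike esp from $lan1 to $lan2 local $wan1 peer $wan2
ike esp from $lan1 to $lan3 local $wan1 peer $wan3

# Second flow on the Router2 tunnel: Lan2->Lan3 packets are accepted from
# Router2 here, and the un-NATed replies (Lan3->Lan2) go back the same way.
# Router2 needs the mirror image:
#   ike esp from $lan2 to $lan3 local $wan2 peer $wan1
ike esp from $lan3 to $lan2 local $wan1 peer $wan2

# Towards Router3 the negotiated ID stays Lan1, so Router3's configuration is
# unchanged.  The parenthesised srcnat subnet tells the kernel that packets
# whose real source is Lan2 also belong to this tunnel; pf does the actual
# rewrite below.  Assumption: this release accepts this rule alongside the
# plain Lan1->Lan3 rule above.
ike esp from $lan1 ($lan2) to $lan3 local $wan1 peer $wan3

# --- Router1: /etc/pf.conf fragment ---
# Rules for the physical interfaces (IKE/ESP, ordinary Lan1 traffic) are left out.
lan2="192.168.2.0/24"
lan3="192.168.3.0/24"
nat_ip="192.168.1.1"   # Router1's own Lan1 address; every Lan2 host appears as this to Lan3

# Decrypted packets from Router2 enter on enc0.
pass in on enc0 inet from $lan2 to $lan3

# Rewrite the source of Lan2->Lan3 packets as they leave through enc0, i.e.
# before they are encrypted for Router3.  Tag them so the filter rules below
# do not depend on whether later rules see the pre- or post-NAT address.
match out on enc0 inet from $lan2 to $lan3 nat-to $nat_ip tag LAN2_TO_LAN3

# Least privilege: the remote office only gets what the customer link needs.
# Replace the port list with the real requirement; the block rule logs the rest.
block log on enc0 tagged LAN2_TO_LAN3
pass out on enc0 inet proto tcp to $lan3 port 443 tagged LAN2_TO_LAN3
```

Two things worth keeping in mind with this design. The NAT is what makes it work without touching the customer's router, but it also means Router3 and the customer's logs only ever see `$nat_ip`; Router1's pf log (the `block log` rule, and `pfctl -ss` for live states) is the one place where a connection into Lan3 can still be attributed to a particular Lan2 host. And because the translation happens on enc0, it is the same interface where the tightest filtering belongs: `ipsecctl -sa` shows whether the Lan2-to-Lan3 flow was actually installed, and a missing flow is the usual reason the traffic silently takes the wrong tunnel or none at all.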

