VPN:
      ipsec       Internet                  10.10.10.0/24
  +-----------------------|Shorewall Server|----|LAN|
  |                               |
  |                               |
+---+                             |ipsec
| A |                           | |
+---+                           +---+
192.168.105.212                 | B |192.168.1.101
                                +---+

Clients A and B can both establish successful
NAT-encapsulated IPsec sessions to the Shorewall
server. I can successfully receive and transmit
between the Shorewall server and client A as well
as between the Shorewall server and client B.

What is the best method to allow communication
between Client A and B? I cannot use their
RFC 1918 addresses because I do not have an
IPSEC policy that dictates that the other
client's network should be encrypted.

I would prefer to NAT the clients with addresses from
my local LAN, 10.10.10.0/24, or another subnet. I tried
adding this to /etc/shorewall/nat:

#EXTERNAL     INTERFACE   INTERNAL          ALL INTERFACES   LOCAL
10.10.10.10   eth1        192.168.1.101     Yes              Yes
10.10.10.12   eth1        192.168.105.212   Yes              Yes

However, when I do a tcpdump on the firewall interface I only see
DNAT taking place.

Is there a recommended method to provide local IPs to VPN clients?

Thanks,
Jesse
--
The trenchant blade, Toledo trusty,
For want of fighting was grown rusty,
And ate into itself, for lack
Of somebody to hew and hack.
-- Samuel Butler