I have a server with two NICs, one connected directly to the
Internet (and thus with a valid public IP address), and the
other to a 192.168.0.0/24 LAN (server address 192.168.0.1).
Masquerading is set up (via the masq file) from the LAN to
Internet interfaces and works as expected.

The server also runs an l2tp/ipsec VPN, and clients
connected via that VPN are allowed further access (which
isn't important here). Clients on the LAN can establish a
VPN connection to 192.168.0.1 without problem.

However, we want to be able to establish a VPN connection from
a LAN client by specifying the external IP address of the
server. Despite SNAT being in place and working, attempts to
establish a VPN connection to the external server address
fail, and looking at the logs, pluto (the IPsec server) is
reporting the connection as coming from the client's
192.168.0.0/24 address. I suspect the setup of the VPN is
failing because the client is sending TO the external IP
address and receiving reply packets BACK from the
192.168.0.1 address.

I am sure there must be a way of having NAT work within the
server from one interface to another, but I can't see how to
do that, and I'd be grateful for any pointers.

I hope the above explanation is clear, but if not then
please ask questions.

Thanks for any help,
Keith
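As an added illustration (not part of Keith's post, and not Shorewall's code), a small model of the netfilter hook order for the scenario described above: a LAN client sends to the server's external address, the packet is delivered locally, and the masq (nat/POSTROUTING SNAT) entry never sees it, because POSTROUTING runs only for forwarded or locally generated traffic. The client address 192.168.0.50 and the external address 203.0.113.10 are constructed placeholders, and the optional PREROUTING rewrite is an assumption showing the kind of hook where a destination change could apply, not a rule from the post.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses for the scenario in the post; the external
# address is a documentation-range placeholder, not the real one.
LAN = ip_network("192.168.0.0/24")
LAN_ADDR = "192.168.0.1"      # server's LAN-side address
EXT_ADDR = "203.0.113.10"     # server's public address (placeholder)
LOCAL_ADDRS = {LAN_ADDR, EXT_ADDR}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def prerouting(pkt: Packet, rewrite_dst_to_lan_addr: bool) -> Packet:
    """nat/PREROUTING: the only hook that can change the destination before
    the routing decision. The optional rewrite is an assumption for illustration,
    not a rule from the post."""
    if rewrite_dst_to_lan_addr and ip_address(pkt.src) in LAN and pkt.dst == EXT_ADDR:
        return replace(pkt, dst=LAN_ADDR)
    return pkt


def postrouting_masq(pkt: Packet) -> Packet:
    """nat/POSTROUTING: the masq entry (SNAT LAN -> Internet).
    Only forwarded or locally generated packets reach this hook."""
    if ip_address(pkt.src) in LAN and ip_address(pkt.dst) not in LAN:
        return replace(pkt, src=EXT_ADDR)
    return pkt


def traverse(pkt: Packet, rewrite_dst_to_lan_addr: bool = False) -> tuple[str, Packet]:
    """PREROUTING -> routing decision -> INPUT, or FORWARD then POSTROUTING.
    Returns the path taken and the packet as its final consumer sees it."""
    pkt = prerouting(pkt, rewrite_dst_to_lan_addr)
    if pkt.dst in LOCAL_ADDRS:            # routing decision: addressed to us
        return "INPUT", pkt               # delivered to pluto; POSTROUTING not run
    return "FORWARD", postrouting_masq(pkt)


if __name__ == "__main__":
    ike = Packet(src="192.168.0.50", dst=EXT_ADDR, dport=500)  # constructed LAN client
    print(traverse(ike))                                   # INPUT, src still 192.168.0.50
    print(traverse(ike, rewrite_dst_to_lan_addr=True))     # INPUT, dst now 192.168.0.1
    print(traverse(Packet("192.168.0.50", "198.51.100.7", 80)))  # FORWARD, masqueraded
```

The first call reproduces what the logs show (pluto sees the client's 192.168.0.0/24 source address); the third shows that the same masq logic does apply to traffic that is actually forwarded to the Internet.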


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
