On 7/14/10 9:14 AM, Brian J. Murrell wrote:
> Hi all,
>
> I am using shorewall 4.4.6 on an ipsec road warrior. I am trying to
> figure out how to configure so that traffic from a subnet of the road
> warrior is SNATted before being encrypted and routed into the ipsec
> tunnel. In essence I want to masquerade this subnet into the VPN.
>
> The VPN for this road warrior is the default route, so all traffic from
> this road warrior should be directed into the ipsec tunnel. The ipsec
> tunnelling is managed by another piece of software so I have zero
> ability to reconfigure it and I have zero ability to change the
> configuration of the remote end or the policy.

Near as I can tell, you should simply need to:

a) Add an IPSEC tunnel to /etc/shorewall/tunnels.
b) Use a standard two-interface configuration; MASQUERADE traffic
   coming from the kvm subnet.

That's it. Since traffic to/from the default gateway is either all
encrypted or all en clair (depending on whether the IPSEC client is
active or not), I see no reason to differentiate the two cases.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
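
The two steps in the reply above, written out as Shorewall 4.4 configuration files. This is an added example, not part of the original thread and not the poster's actual configuration. The interface names (eth0 for the uplink, virbr0 for the KVM bridge), the guest subnet 192.168.122.0/24 and the VPN gateway address 192.0.2.1 are placeholder assumptions, and the policy shown is the usual two-interface default.

```conf
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4

# /etc/shorewall/interfaces
# eth0 and virbr0 are assumed names; substitute the real uplink and KVM bridge.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp
loc     virbr0      detect

# /etc/shorewall/policy
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/tunnels
# Step (a): permit the IPsec traffic (IKE on UDP 500, ESP) between this
# host and the VPN gateway. 192.0.2.1 is a placeholder gateway address.
#TYPE   ZONE    GATEWAY
ipsec   net     192.0.2.1

# /etc/shorewall/masq
# Step (b): masquerade the KVM guest subnet (assumed 192.168.122.0/24)
# behind eth0's address. The rewrite happens in POSTROUTING, before the
# IPsec policy lookup, so the tunnel sees the host's own address as source.
#INTERFACE  SOURCE
eth0        192.168.122.0/24
```

Run `shorewall check` before `shorewall restart` to confirm the files parse. With the IPsec client up, a capture on eth0 should show only ESP (or UDP 4500 with NAT-T) toward the gateway for guest traffic, with no packets sourced from 192.168.122.0/24.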
