Hi Mark, here is an IKEv2 example where the clients are NAT-ed to the virtual IP of the gateway:
http://www.strongswan.org/uml/testresults5/ikev2/nat-virtual-ip/ In order to automatically insert the NAT iptables rules you need a special updown scripts I wrote a couple of years ago: http://git.strongswan.org/?p=strongswan.git;a=blob;f=testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown;h=aab1df687484362b2c16eaf6bd30d05b3590520a;hb=HEAD Best regards Andreas On 07/22/2012 08:53 AM, Mark M wrote: > Hi, > > I am running a mobile road warrior client with strongSwan connecting to > a strongSwan gateway. The mobile client has two interfaces, one for an > inside subnet and one for the WAN connection. Behind my mobile client on > the LAN side, I have another host that I would like to connect through > the mobile client using NAT. Kinda like if i used my laptop as a mobile > hotspot for other clients to connect to and all their connections are > sent to my strongSwan gateway. I tried to setup NAT using iptables with > the inside interface and the outside interface and it does not work. I > looked around on old emails and i think what i am looking to do is it > NAT before ESP. I need to NAT my LAN client to the virtual IP address or > the outside WAN interface before it gets sent down the tunnel to my > strongSwan gateway. I was looking at the older emails about the updown > scripts but I can't find one for IKEv2 and charon. I also read that > there was work being done on a leftnat parameter but work on it was halted. > > Is there any way I can do this? > > Thanks > > Mark- -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
