Andreas,
I am not sure what the variables are, can you please explain to me what the
PH_IP_ALICE, $PLUTO_PEER_CLIENT, and $PLUTO_MY_SOURCEIP are supposed to be?
Also, when I bring up the connection it gives me the unknown verb 'up-client'
error, and if I remove that line I get the following:
Jul 22 20:41:14 14[CHD] updown: /etc/nat_updown1: line 21: syntax error near
unexpected token `-A'
Are there any examples anywhere showing a working updown script for what I am
trying to do?
Thanks,
Mark-
________________________________
From: Andreas Steffen <[email protected]>
To: Mark M <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Sunday, July 22, 2012 4:43 PM
Subject: Re: [strongSwan] How to do NAT before ESP? having trouble
Hi Mark,
here is an IKEv2 example where the clients are NAT-ed to the
virtual IP of the gateway:
http://www.strongswan.org/uml/testresults5/ikev2/nat-virtual-ip/
In order to automatically insert the NAT iptables rules you need
a special updown script I wrote a couple of years ago:
http://git.strongswan.org/?p=strongswan.git;a=blob;f=testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown;h=aab1df687484362b2c16eaf6bd30d05b3590520a;hb=HEAD
Best regards
Andreas
On 07/22/2012 08:53 AM, Mark M wrote:
> Hi,
>
> I am running a mobile road warrior client with strongSwan connecting to
> a strongSwan gateway. The mobile client has two interfaces, one for an
> inside subnet and one for the WAN connection. Behind my mobile client on
> the LAN side, I have another host that I would like to connect through
> the mobile client using NAT. Kinda like if I used my laptop as a mobile
> hotspot for other clients to connect to and all their connections are
> sent to my strongSwan gateway. I tried to set up NAT using iptables with
> the inside interface and the outside interface and it does not work. I
> looked around on old emails and I think what I am looking to do is
> NAT before ESP. I need to NAT my LAN client to the virtual IP address or
> the outside WAN interface before it gets sent down the tunnel to my
> strongSwan gateway. I was looking at the older emails about the updown
> scripts but I can't find one for IKEv2 and charon. I also read that
> there was work being done on a leftnat parameter but work on it was halted.
>
> Is there any way I can do this?
>
> Thanks
>
> Mark-
--
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
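
A minimal NAT-before-ESP updown hook of the kind asked about in this thread, added here as an illustration; it is not the nat_updown script from the strongSwan test suite. The `PLUTO_*` variables are exported by charon when it invokes the script; `LAN_HOST`, `LAN_IF` and `IPT`, and their values, are assumptions of this example.

```shell
#!/bin/sh
# Added example: NAT-before-ESP updown hook (not the strongSwan test-suite script).
# charon exports PLUTO_VERB, PLUTO_INTERFACE, PLUTO_PEER_CLIENT (remote subnet of
# the tunnel) and PLUTO_MY_SOURCEIP (virtual IP assigned to this end).

# Site-specific assumptions (constructed values, override via environment):
LAN_HOST="${LAN_HOST:-10.1.0.10}"  # host behind the client that gets NAT-ed
LAN_IF="${LAN_IF:-eth1}"           # inside (LAN) interface
IPT="${IPT:-iptables}"             # IPT=echo prints the rules instead (dry run)

nat_rules() {
    op="$1"  # -A when the tunnel comes up, -D with identical specs on the way down
    $IPT "$op" FORWARD -i "$LAN_IF" -o "$PLUTO_INTERFACE" \
        -s "$LAN_HOST" -d "$PLUTO_PEER_CLIENT" -j ACCEPT
    $IPT "$op" FORWARD -i "$PLUTO_INTERFACE" -o "$LAN_IF" \
        -s "$PLUTO_PEER_CLIENT" -d "$LAN_HOST" -j ACCEPT
    # Source-NAT to the virtual IP so the packet matches the tunnel's traffic
    # selector and is ESP-encapsulated.
    $IPT -t nat "$op" POSTROUTING -o "$PLUTO_INTERFACE" \
        -s "$LAN_HOST" -d "$PLUTO_PEER_CLIENT" -j SNAT --to-source "$PLUTO_MY_SOURCEIP"
}

nat_updown() {
    # Refuse to run with empty fields rather than hand iptables a malformed rule.
    for v in "${PLUTO_INTERFACE:-}" "${PLUTO_PEER_CLIENT:-}" "${PLUTO_MY_SOURCEIP:-}"; do
        [ -n "$v" ] || { echo "nat_updown: missing PLUTO_* variable" >&2; return 2; }
    done
    case "${PLUTO_VERB:-}" in
        up-client)   nat_rules -A ;;
        down-client) nat_rules -D ;;
        *) echo "nat_updown: unhandled verb '${PLUTO_VERB:-}'" >&2; return 1 ;;
    esac
}

# The updown plugin sets PLUTO_VERB when it calls the script; sourcing the
# file without it (for a dry run) does nothing.
if [ -n "${PLUTO_VERB:-}" ]; then nat_updown; fi
```

Running it with `IPT=echo` and the `PLUTO_*` variables set by hand prints the three rules without touching the firewall.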