Hello Sean, strongSwan doesn't care about what you do with the traffic. It only negotiates the IKE_SA and CHILD_SAs. What you do after they're established doesn't matter for strongSwan.
On 26.02.2016 22:07, Sean Courtney wrote: > Hi Noel, > > I looked at the man for iptables-extensions. i guess i don't want > netmap at all...i want snat. Does strongswan support snat? > > Thanks, > Sean > > On Fri, Feb 26, 2016 at 3:54 PM, Noel Kuntze <[email protected]> wrote: >> > Hello Sean, >> > >> > Please always send your email to the mailing list, too. >> > The scenario only shows the *filter table of iptables, but NAT rules are >> > in the *nat table. >> > You need to look at the source of the scenario in the repository to see >> > all the rules. >> > >> > It's really not that fancy. The iptables target is described on the man >> > page for `iptables` or `iptables-extensions`. >> > >> > >> > On 26.02.2016 21:42, Sean Courtney wrote: >>> >> HI, >>> >> >>> >> I did look at the example outlined here before posting. >>> >> >>> >> https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/ >>> >> >>> >> The example uses NETMAP to translate subnets into new subnets with the >>> >> same subnet mask. >>> >> >>> >> I want to do PAT. Is there an example of NETMAP doing PAT? Can NETMAP do >>> >> PAT? >>> >> >>> >> I must be overlooking something so obvious. >>> >> >>> >> Thanks >>> >> >>> >> On Fri, Feb 26, 2016 at 3:12 PM, Noel Kuntze <[email protected]> >>> >> wrote: >>>>> >>> > Hello Sean, >>>>> >>> > >>>>>>> >>>> >> I really want to PAT my IPSEC'd subnets. Is there anyone to PAT >>>>>>> >>>> >> an >>>>>>> >>>> >> entire subnet with StrongSwan? >>>>> >>> > Handling the traffic is done in the kernel. >>>>> >>> > Use the NETMAP target in iptables and negotiate policies that >>>>> >>> > secure the traffic between >>>>> >>> > your desired subnet and the remote side. >>>>> >>> > >>>>> >>> > -- >>>>> >>> > >>>>> >>> > Mit freundlichen Grüßen/Kind Regards, >>>>> >>> > Noel Kuntze >>>>> >>> > >>>>> >>> > GPG Key ID: 0x63EC6658 >>>>> >>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >>>>> >>> > >>>>> >>> > >>> >> >>> >> -- Sean Courtney Ph - 410 878 7833 >> > >> > >> > -- >> > >> > Mit freundlichen Grüßen/Kind Regards, >> > Noel Kuntze >> > >> > GPG Key ID: 0x63EC6658 >> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >> > >> > > > -- Sean Courtney Ph - 410 878 7833 -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
