2011/9/14 Kevin VPN <[email protected]>:
> Ok, it does seem that the tunnel is working and that it is the NAT/SPI that
> is not working. The response packet from the remote LAN does pop out of the
> tunnel, addressed to the Shrew client host. At this point the NAT should be
> undone and the response packet sent on its way to 10.0.4.18.

Yes, that's my understanding of how it should work.

> Unfortunately, we're reaching the end of my usefulness. I've never played
> with iptables and NAT, so I'm only guessing now where to go on debugging
> this.

Well, thank you anyway for your time.

> I'm wondering if part of the problem is this business where the packet
> coming in is NATted to the Shrew virtual adapter IP. Maybe you could try
> using PREROUTING and have it NATted to the Shrew box's LAN IP instead of the
> Shrew IP.

Ah, that's an interesting suggestion. I'll play with it and let you know.

Thanks again!
