Re: [strongSwan] Sending eth1 traffic down eth0 tunnel

2009-10-15 Thread Daniel Mentz
Hi Graham, I believe Andreas is correct. I just tried this here with my own setup. You can't depend on the MASQUERADE target if you want to source nat to the gateway's virtual IP address. This is what the man page says about MASQUERADE: Masquerading is equivalent to specifying a mapping to

Re: [strongSwan] multiple traffic selector of which no local address is known

2009-10-15 Thread Daniel Mentz
Joep Gommers wrote: 10.2.0.0/24 however is not a subnet in which the StrongS/WAN box resides. It resides behind yet another VPN appliance. So the routing table on the left side would include something like: to 10.2.0.0/24 via 10.1.0.254 metric 1 However, StrongS/WAN refuses to create the

Re: [strongSwan] Problem on Virtual IP and SCTP packets

2009-10-15 Thread Daniel Mentz
Jessie Liu wrote: But if I add leftsourceip=%config in ipsec.conf, the SCTP packets will not go through the tunnel, but ping packets will. ... If I remove leftsourceip=%config from ipsec.conf, the SCTP packets will flow through the tunnel. Could you give me some hints what is