Hello Frank, starting with the Linux 2.6.16 kernel NAT before ESP is no problem. You can either map your home network to the outer address of the roadwarrior:
http://www.strongswan.org/uml/testresults44/ikev1/nat-before-esp/ or you can map it to the inner virtual IP address which the roadwarrior gets via Configuration Payload (IKEv2) or ModeConfig (IKEv1) from the remote VPN gateway: http://www.strongswan.org/uml/testresults44/ikev2/nat-virtual-ip/ This NAT rule can be automatically inserted using a modified updown script: http://git.strongswan.org/?p=strongswan.git;a=blob;f=testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown;h=aab1df687484362b2c16eaf6bd30d05b3590520a;hb=HEAD Best regards Andreas On 27.07.2010 09:02, Frank Liu wrote: > Hi all, > > I have a setup like the picture shown here > http://www.logix.cz/michal/devel/ipsec-tools/nat26.xp > Home Linux 2.6.34 firewall runs Strongswan as roadwarrior. It can > reach company network fine. How can I NAT the whole home network so > that computers at home can talk to the company network? > > Thanks! > Frank ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
