Ipsec - routing private subnet public

From Skytech
Jump to navigation Jump to search


Ipsec

While setting up ipsec - and findout that you can reach one network but not the other by seeing the working network (on both routes) routes via the ipsec tunnel from private <==> private net.

On the other network you see the router (usually multihomed) trying to route traffic to that network from the public interface <==> private net.

One has to tell the router to SNAT to the private net:

## Assuming:
### Destination network: 10.8.139.14/31
### Source network: 192.168.0.0/23
### Routing via private network router/gw: 192.168.0.250

$IPT -t nat -A POSTROUTING -d 10.8.139.14/31 -s 192.168.0.0/23 -j SNAT --to-source 192.168.0.250