I have NAT and a VPN working BUT I cannot keep the NAT continuously working because the proprietary admin s/w overwrites the iptables nat command I use.
eth0               eth1/ipsec1 (VPN endpoint left=...)
192.168.1.128 -->  203.x.x.x
    --->
(VPN endpoint right=...)  (rightsubnet=...)
cisco whatever --> 203.x.x.x
After the VPN comes up, I issue
/usr/local/bin/iptables -t nat -A POSTROUTING -o ipsec1 -j MASQUERADE
and everything is fine, but of course the rule gets clobbered by the web interface at restart, and other 'save filter' times.
What are the chances of Astaro building in auto generation of this NAT rule (which would need to be called from _updown) into the admin interface? The problem at the moment is that freeswan is chrooted, which complicates things a little without the source for the admin interface. ;-(
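An added example, not part of the original post and not Astaro's code: a sketch of the _updown-style hook the post asks for, which re-applies the MASQUERADE rule on tunnel-up without stacking duplicates and removes it on tunnel-down. It assumes FreeS/WAN's PLUTO_VERB and PLUTO_INTERFACE environment variables; the function names are hypothetical, and how the hook would be reached from the chrooted freeswan is not shown.

```shell
#!/bin/sh
# Added example (not Astaro's code): idempotent NAT hook for an updown script.
# Assumption: FreeS/WAN exports PLUTO_VERB and PLUTO_INTERFACE to the script.
# The iptables path is the one used in the post; override IPTABLES to test.
IPTABLES="${IPTABLES:-/usr/local/bin/iptables}"

# nat_action VERB: print -A for tunnel-up verbs, -D for tunnel-down verbs,
# and nothing for verbs that should not touch the NAT table.
nat_action() {
    case "$1" in
        up-host|up-client)     echo "-A" ;;
        down-host|down-client) echo "-D" ;;
        *)                     echo "" ;;
    esac
}

# apply_nat VERB IFACE: bring the POSTROUTING MASQUERADE rule for IFACE into
# the state that VERB implies.
apply_nat() {
    verb="$1"
    iface="$2"
    action=$(nat_action "$verb")
    [ -n "$action" ] || return 0

    # Delete every existing copy first, so a repeated "up" event (or a rule
    # restored by a filter save) never leaves duplicates behind.
    while $IPTABLES -t nat -D POSTROUTING -o "$iface" -j MASQUERADE 2>/dev/null
    do
        :
    done

    # On tunnel-up, add exactly one copy back.
    if [ "$action" = "-A" ]; then
        $IPTABLES -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
    fi
}

# When invoked as a hook, act on the event pluto passed in the environment.
# With no PLUTO_VERB set this is a no-op.
apply_nat "${PLUTO_VERB:-}" "${PLUTO_INTERFACE:-ipsec1}"
```

This only covers tunnel up/down events; a rule flushed by a 'save filter' while the tunnel stays up would still need the hook to be run again.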