
I’m working on implementing an IPSec GRE VPN tunnel from a NATted Linux box running Ubuntu.

I have found a very useful article about an IPSec-GRE tunnel behind NAT, built with Cisco routers. I have successfully tested and implemented a mock-up in line with this article, where the trick is based on the use of a Loopback interface for the GRE. https://blog.dest-unreach.be/2008/07/11/terminating-an-ipsec-gre-tunnel-behind-nat

Nevertheless I still am unable to do the same from my Linux machine.

Could you please have a look at the article and let me know if you think I can translate/adapt it to Linux, and what is your feeling about such a solution?

Thank you for your help

Junior


1 Answer


Apparently you forgot to use the -t nat table switch in the pre/post-routing instructions.

This is important because it specifies the packet matching table which the command should operate on.

This type of NATing needs all 3 components: PREROUTING - for altering packets as soon as they come in, OUTPUT - for altering locally-generated packets before routing and POSTROUTING - for altering packets as they are about to go out.

Overmind
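A check for the mistake the answer above points out, as an added example that is not part of the original posts: it scans iptables command lines for NAT-only targets issued without `-t nat` (iptables uses the filter table when `-t` is omitted) and lists which of PREROUTING, OUTPUT and POSTROUTING have no nat-table rule. The sample rules, interface name and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample rules (documentation addresses); the first two omit "-t nat".
SAMPLE_RULES='# GRE/IPsec NAT rules (constructed)
iptables -A PREROUTING -i eth0 -p gre -j DNAT --to-destination 192.0.2.10
iptables -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -p udp --dport 4500 -j MASQUERADE
iptables -A FORWARD -p gre -j ACCEPT'

# Parse iptables command lines on stdin; emit "LINENO TABLE CHAIN TARGET" per rule.
parse_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        table = "filter"; chain = "-"; target = "-"; cmd = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "iptables" || $i ~ "/iptables$") cmd = 1
            else if ($i == "-t" || $i == "--table") table = $(i + 1)
            else if ($i == "-A" || $i == "-I" || $i == "--append" || $i == "--insert") chain = $(i + 1)
            else if ($i == "-j" || $i == "--jump") target = $(i + 1)
        }
        if (cmd) print NR, table, chain, target
    }'
}

# Report rules whose target exists only in the nat table but that address another table.
lint_nat_rules() {
    parse_rules | awk '
    $4 ~ /^(DNAT|SNAT|MASQUERADE|REDIRECT|NETMAP)$/ && $2 != "nat" {
        printf "line %d: -j %s on %s in table %s; add -t nat\n", $1, $4, $3, $2
    }'
}

# Print which of PREROUTING, OUTPUT and POSTROUTING have no nat-table rule at all.
missing_nat_chains() {
    parse_rules | awk '
    $2 == "nat" { seen[$3] = 1 }
    END {
        n = split("PREROUTING OUTPUT POSTROUTING", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) out = out (out == "" ? "" : " ") want[i]
        print out
    }'
}

printf '%s\n' "$SAMPLE_RULES" | lint_nat_rules
printf '%s\n' "$SAMPLE_RULES" | missing_nat_chains
```

The linter only reads text, so it can be run against a firewall script before the rules are loaded.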