Re: [Users] incorrect or missing nexthop setting

I made following changes on public side:

config setup

        interfaces="%defaultroute"
conn road

	left="%defaultroute"
	leftsubnet=62.1.1.104/29
	right=%any
	rightnexthop= <-- UNUSED
	auto=add

> BTW, you need to change "leftnexthop", not "rightnexthop". If

Surely, I had also meant that.

> So, your packets initially have to go through NAT to your peer?

Yes, all packet are going through POSTROUTING-CHAIN with SNAT

> Possible solution: I'd work around this via NAT trickery.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

This string work fine in PREROUTING-Chain, thanks.

> iptables -t nat -A PREROUTING -p 50 -d 66.1.1.105 -j DNAT

And I do not need these, since ipsec0 is on eth0 and ESP is acceptet on INPUT-Chain on eth0 by default.

Finaly i must say it works very well.

Thanks for your help.

Jan Brand