[plug] IPsec and MTU

Bernard Blackham bernard at blackham.com.au
Wed Nov 24 18:11:57 WST 2004


On Wed, Nov 24, 2004 at 12:24:19PM +0800, Adrian Woodley wrote:
> Minus-Tirith:~# ping -I 192.168.1.1 192.168.2.1
> PING 192.168.2.1 (192.168.2.1) from 192.168.1.1 : 56(84) bytes of data.
> 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=30.7 ms
> 
> I can't SNAT the gateway's address as SNAT applies to POSTROUTING, ie 
> after the packet should be on the VPN.
> 
> Any ideas on how I can get the ICMP packets to be sent from the LAN 
> address and be transmitted over the VPN?

Using iproute2:

ip route add 192.168.2.0/24 via gateway.ip (or dev) src 192.168.1.1

The src bit on the end should do the trick.

Bernard.

-- 
 Bernard Blackham <bernard at blackham dot com dot au>



More information about the plug mailing list