IPTables, Mangling & VPN
Posted on 2005-03-16
Quick query, hope someone can aid me. To give some indication of the level of competency, I have already set up a number of Linux machines with iptables, firewalling, bridging, VPN (FreeS/WAN) and various other fun bits & pieces.
My query is simply that I have found a slight problem with getting a pair of established networks to talk to each other through VPN. The VPN itself is fine & working; the specific problem I face is that the two networks are on the same 192.168.16 subnet and there's no likelihood of changing either of the subnets.
What I can visualise is the use of the mangling tables to alter the outgoing packets such that they are of different subclasses before and after the VPN tunnel. For example, network A might consider network B as a local IP address range of 10.10.10.0/24 and the Linux router mangles the 10.10.10.x packets to represent 192.168.16.x at some point before entering the VPN and when packets come out of the VPN, they are similarly reversed.
As a rough outline:
LAN traffic -> Linux router ethx In -> <some form of mangle> -> Linux router ipsecx Out -> etc.
etc. -> Linux router ipsecx In -> <some form of mangle> -> Linux router ethx Out -> LAN traffic.
Unfortunately I don't have access at this time to the setup, so I can't follow through on any suggestions, but it would be great if someone has documentation on this kind of setup and what is required.
... or am I just visualising an impossibility?
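As an added example (not part of the original post), the translation sketched above is usually done in the nat table with the 1:1 NETMAP target rather than in mangle: the sending router rewrites the source range in POSTROUTING (after routing, so the alias destination has already steered the packet into the tunnel), and the receiving router rewrites the alias destination back to the real LAN in PREROUTING. The alias ranges 10.10.10.0/24 and 10.10.20.0/24, the hosts .5 and .7, and the KLIPS interface name ipsec0 are constructed assumptions; the IPsec policy must carry the alias ranges, and each router needs a route to the peer alias via the tunnel.

```shell
#!/bin/sh
# Added example: 1:1 NETMAP on each VPN router so two identical 192.168.16.0/24
# LANs can reach each other.  All addresses are /24 and constructed:
#   A's LAN is addressed by B as 10.10.20.0/24, B's LAN by A as 10.10.10.0/24.
#   Tunnel interface ipsec0 is assumed (FreeS/WAN KLIPS).

# netmap_rules LAN MY_ALIAS PEER_ALIAS TUN -> prints this router's nat rules.
netmap_rules() {
  lan=$1 my_alias=$2 peer_alias=$3 tun=$4
  # Outbound: rewrite our real source addresses to the alias the far side uses
  # for us, just before the packet enters the tunnel (after the routing
  # decision, so the packet is already bound for the tunnel, not the local LAN).
  printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -j NETMAP --to %s\n' \
    "$tun" "$lan" "$peer_alias" "$my_alias"
  # Inbound: packets leaving the tunnel carry our alias as destination; map it
  # back onto the real LAN.  conntrack reverses both mappings for the replies.
  printf 'iptables -t nat -A PREROUTING -i %s -d %s -j NETMAP --to %s\n' \
    "$tun" "$my_alias" "$lan"
}

# netmap_addr ADDR TO_NET: what NETMAP does to one /24 address, i.e. swap the
# network part for TO_NET's and keep the host octet.
netmap_addr() {
  host=${1##*.}
  to_prefix=${2%.*}      # strip the trailing .0 of the network
  echo "$to_prefix.$host"
}

# trace_packet SRC DST: walk a packet from a host in A to a host in B and
# print "src>dst" as seen on A's LAN, inside the tunnel, and on B's LAN.
trace_packet() {
  src=$1 dst=$2
  tun_src=$(netmap_addr "$src" 10.10.20.0)     # A's POSTROUTING rewrite
  lan_b_dst=$(netmap_addr "$dst" 192.168.16.0) # B's PREROUTING rewrite
  echo "$src>$dst $tun_src>$dst $tun_src>$lan_b_dst"
}

# Router A
netmap_rules 192.168.16.0/24 10.10.20.0/24 10.10.10.0/24 ipsec0
# Router B (mirror image)
netmap_rules 192.168.16.0/24 10.10.10.0/24 10.10.20.0/24 ipsec0
# A host 192.168.16.5 talking to B host 192.168.16.7 (which A addresses as 10.10.10.7)
trace_packet 192.168.16.5 10.10.10.7
```

Running the script prints the four rules and the three hops of the traced packet; B's host sees the connection arriving from 10.10.20.5, never from an address that collides with its own LAN.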