 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Vincent Fleuranceau'" <vincent at bikost dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] VPN possibilities
 Date:  Wed, 3 Nov 2004 09:47:22 -0500
The concept of which "side" you are sitting on can be a real problem. My
experience with SonicWall VPN client (customized SafeNet SoftRemoteLT
IPSEC client) is that if the security policy is enabled when the user
is connected to the LAN, the client cannot access resources on the
LAN. The VPN client thinks it needs to connect to the VPN tunnel on
the WAN interface to reach the LAN subnet - while it is on the LAN
subnet. The system gets really confused...

For my clients with laptop users that have SonicWall VPNs, my
instructions are to disable the VPN client while in the office - turn
it on ONLY when not in the office. The same instructions should work
for ANY use of the SafeNet VPN Client - this includes the full SafeNet
product and any other "customized" versions (such as Netgear VPN

James W. McKeand

-----Original Message-----
From: Vincent Fleuranceau [mailto:vincent at bikost dot com] 
Sent: Wednesday, November 03, 2004 5:30 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] VPN possibilities

-------- Original Message --------

> Hi!
> I'd like to make my portable pc a little more portable ;-)
> Mostly it's connected directly to my lan, but I'd like to be able to
> out and connect home via VPN from my own WLAN or from anywhere via
> net.
> But I'd like to do this transparently, so I'd like always to make a
> connection to my monowall - also when connected to my LAN.
> I haven't played with VPN yet, but have followed the discussions a
> Anyone that has tips on what to use?
> In any case the solution has to automatically cope with NAT and other
> stuff, so I just have to plug-and-play the portable pc

The problem is that you won't always sit on the same 'side' of the 
router: sometimes on the WAN side, sometimes on the LAN side...

I don't know if it's a real problem, but I guess IPsec won't like 
this... OpenVPN (if binding all interfaces) may work -- not tested.

-- Vincent
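
The "which side of the router" problem discussed in this thread, as an added example that is not part of the original messages: a simplified model of a destination-only VPN policy next to one that first checks whether the client is already inside the protected subnet. The subnet, addresses and function names are constructed assumptions, and this is not the SafeNet client's actual logic.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
PROTECTED_LAN = ipaddress.ip_network("192.168.1.0/24")  # subnet behind the firewall
FILE_SERVER = "192.168.1.10"                            # a resource on that LAN


def naive_policy(local_ip, dest_ip, protected=PROTECTED_LAN):
    """Model of a policy that looks only at the destination address.

    local_ip is accepted but ignored: that is the defect being shown.
    """
    dest = ipaddress.ip_address(dest_ip)
    return "tunnel" if dest in protected else "direct"


def location_aware_policy(local_ip, dest_ip, protected=PROTECTED_LAN):
    """Bypass the tunnel when the client's own address is inside the protected subnet."""
    local = ipaddress.ip_address(local_ip)
    dest = ipaddress.ip_address(dest_ip)
    if dest not in protected:
        return "direct"
    if local in protected:
        # Already on-link with the destination: sending this through a tunnel
        # to the WAN interface would break access to local resources.
        return "direct"
    return "tunnel"


def policy_should_be_enabled(interface_ips, protected=PROTECTED_LAN):
    """The 'disable it in the office' rule: enable only when no interface is on the LAN.

    Limitation: a remote network numbered with the same range is
    indistinguishable from the office by address alone.
    """
    return not any(ipaddress.ip_address(ip) in protected for ip in interface_ips)


if __name__ == "__main__":
    for where, local in [("office LAN", "192.168.1.57"), ("remote site", "10.20.30.40")]:
        print(f"{where:12} naive={naive_policy(local, FILE_SERVER):7}"
              f" aware={location_aware_policy(local, FILE_SERVER)}")
```
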
