Now also got the "main" authentication mode (not "normal") working fine. The problem was that the main mode insists on the "IP address" setting of "My Identifier", whereas I had set "Domain name" in aggressive mode. The error messages in the log provided enough hints to solve this problem.

To sum up, extracting a sub-subnet via an IPSec VPN tunnel between two m0n0wall v1.2b2 works fine. m0n0local runs ARP proxy on the LAN interface to "attract" traffic for the remote sub-subnet without adding any additional route. m0n0remote runs the DHCP server on its LAN interface to dish out extracted IP addresses from the sub-subnet range, and provides clients also with the VPN tunnel end-point as remote default gateway (and DNS forwarder).

Rolf