[ previous ] [ next ] [ threads ]
 
 From:  Rolf Sommerhalder <rolf dot sommerhalder at alumni dot ethz dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ARP Proxy for Sub-Subnet Extraction
 Date:  Sat, 13 Nov 2004 23:11:55 +0100
Now also got the "main" authentication mode (not "normal") working fine.

The problem was that the main mode insists on "IP address" setting of 
"My Identifier", whereas I had set "Domain name" in agressive mode.
The error messges in the log provided enough hints to solve this problem.

To sum up, extracting a sub-subnet via an IPSec VPN tunnel between two 
m0n0wall v1.2b2 works fine.
m0n0local runs ARP proxy on the LAN interface to "attract" traffic for 
the remote sub-subnet without adding any additional route.
m0n0remote runs the DHCP server on its LAN interface to dish out 
extracted IP addresses from the sub-subnet range, and provides clients 
also with the VPN tunnel end-point as remote default gateway (and DNS 
forwarder).

Rolf