I have an IPsec VPN established between two monowalls, but I am having
trouble with routing between the remote monowall (monoB) and the
optional subnet on the local monowall (monoA).
Hopefully this diagram will illustrate my configuration:
nic1(LAN) nic1 (LAN)
monoA- nic3 --(WAN)-- nic2 -monoB
nic2 (optional interface:"office")
VPN is established, the IPsec tunnel connects the LAN subnet on monoA
to the LAN subnet on monoB, and I can ping/traceroute between machines
on the LAN on monoA to the LAN on monoB.
When I try to traceroute from LAN on monoB to "office" (192.168.70.0)
on monoA, this traffic naturally tries to go out the WAN. I need this
traffic to go through the VPN tunnel so, I created a static route on
monoB that says to use 192.168.1.1 as gateway to get to
192.168.70.0/24. This does not work, as the traceroute dies after the
first hop, which is monoB itself.
Not surprisingly, I get no further from the other end. From the
"office" subnet, if I try to traceroute to an IP on the LAN of monoB,
it goes out the WAN interface to the internet. Attempts to use a
static route on monoA, directing traffic on the "office"/nic2
interface destined for 192.168.45.0/24 to gateway 192.168.45.1, had no
effect at all-- which puzzles me. Even with this static route defined,
a traceroute from a box on the "office" network to an IP on the LAN
network of monoB showed the route going to the WAN interface and out
to the internet.
Can anyone see the problem with my configuration? Is it simply not
possible to access an optional network/alternate subnet from the other
side of a VPN tunnel?