 From:  Danny Puckett <dpuckett at comresource dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routing over IPSEC
 Date:  Sat, 29 Jan 2005 17:29:42 -0500
Creating a separate tunnel did work but in a larger environment with 
many subnets on each side this would quickly become an administrative 
pain.  How difficult is it to add support for the GIF interface?  Or is 
OpenVPN now the preferred option for this scenario?

Keith Redfield wrote:
> Further to this..with the OpenVPN client-server is this issue resolved? - i.e. we can create m0n0<->m0n0 tunnels which support routing protocols? Has anyone tried?
>  
> Thanks,
>  
> -Keith
> 
> ________________________________
> 
> From: Keith Redfield [mailto:kredfield at airsurfwireless dot com]
> Sent: Fri 1/28/2005 12:09 PM
> To: Danny Puckett; Danny Puckett; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Routing over IPSEC
> 
> 
> 
> Hi Danny
> 
> Welcome to the club..;0
> 
> I just posted a day or so ago with the same problem. The short answer is you need to set up a VPN for each remote network/subnet you need to reach. I am up to 3...
> 
> The VPN apparently doesn't really act as a default gateway in the way that I (or you perhaps) expected - it will only forward packets destined for the remote network which terminates the VPN (hopefully Chris will chime in if I'm getting this wrong).
> 
> The good news is that the VPN local subnet doesn't have to be resident on m0n0 so long as m0n0 has a route to that subnet.
> 
> Hope this helps.
> 
> Cheers,
> 
> -Keith
> 
> ________________________________
> 
> From: Danny Puckett [mailto:dpuckett at comresource dot com]
> Sent: Fri 1/28/2005 11:18 AM
> To: Danny Puckett; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Routing over IPSEC
> 
> 
> 
> That should read 192.168.3.0 to 192.168.100.0  Sorry
> 
> 
>>-----Original Message-----
>>From: Danny Puckett [mailto:dpuckett at comresource dot com]
>>Sent: Friday, January 28, 2005 2:07 PM
>>To: m0n0wall at lists dot m0n0 dot ch
>>Subject: [m0n0wall] Routing over IPSEC
>>
>>I have a config as shown below.  I have an IPSEC tunnel
>>from m0n0wall1 to m0n0wall2.  The 192.168.2.0 and the 192.168.3.0
>>networks can see each other.  How do I enable the 192.168.3.0 and
>>192.168.200.0 networks to see each other?  There does not seem to be
>>a way to add a static route for that subnet to route across the tunnel.
>>
>>
>>         -----------                        -----------
>>        |           |                      |           |
>>        | m0n0wall1 |INETIP1--------INETIP2| m0n0wall2 |
>>        |           |                      |           |
>>         -----------                        -----------
>>         192.168.2.1                        192.168.3.1
>>              |                                   |
>>              |                                   |
>>              |                                   |
>>              |
>>         192.168.2.2                        192.168.3.x
>>         -----------
>>        |           |
>>        |  ISA2004  |
>>        |           |
>>         -----------
>>       192.168.100.254
>>              |
>>              |
>>              |
>>        192.168.100.1
>>         -----------
>>        |           |
>>        |  W2K3DNS  |
>>        |           |
>>         -----------
> 
> 
> 
> 
> 
> 
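Added example, not part of the original thread: a small Python model of the behaviour Keith describes, where a tunnel carries only traffic whose source and destination fall inside its configured local and remote subnets, and of why the number of tunnel definitions grows with the subnets on each side. The /24 masks, the host address 192.168.3.10 and the tunnel names are assumptions for illustration.

```python
"""Model of per-tunnel subnet selector matching (added example)."""
import ipaddress
from itertools import product
from typing import NamedTuple, Optional


class Tunnel(NamedTuple):
    name: str                      # hypothetical label
    local: ipaddress.IPv4Network   # local subnet of the tunnel
    remote: ipaddress.IPv4Network  # remote subnet of the tunnel


def net(cidr):
    return ipaddress.ip_network(cidr)


def match_tunnel(tunnels, src, dst) -> Optional[str]:
    """Return the first tunnel whose local/remote subnets cover src and dst.

    None means no tunnel definition matched, so the packet is not sent
    through any tunnel and just follows the ordinary routing table.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for t in tunnels:
        if s in t.local and d in t.remote:
            return t.name
    return None


def required_tunnels(local_nets, remote_nets):
    """One tunnel definition per (local, remote) subnet combination."""
    return [(str(net(l)), str(net(r))) for l, r in product(local_nets, remote_nets)]


# Constructed view from m0n0wall2 in the diagram above; /24 masks assumed.
ONE_TUNNEL = [Tunnel("to-lan2", net("192.168.3.0/24"), net("192.168.2.0/24"))]
TWO_TUNNELS = ONE_TUNNEL + [
    Tunnel("to-lan100", net("192.168.3.0/24"), net("192.168.100.0/24")),
]

if __name__ == "__main__":
    for dst in ("192.168.2.2", "192.168.100.1"):
        print(dst,
              match_tunnel(ONE_TUNNEL, "192.168.3.10", dst),
              match_tunnel(TWO_TUNNELS, "192.168.3.10", dst))
    # Three subnets on one side and two on the other need six definitions.
    pairs = required_tunnels(
        ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"],
        ["10.1.0.0/24", "10.1.1.0/24"])
    print(len(pairs), "tunnel definitions")
```
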