> Hello all
> Is it possible to create a private site to site IPSEC VPN over the
> internet between two points with Monowall? We are trying to route all
> packets from a small branch office over a VPN on the internet to a main
> campus regardless of the destination, emulating a point to point link.
> We are using a DSL link for the office and a dedicated Internet connection
> for the main campus. Using 1.2b3 we created a tunnel between the two
> locations but any packets from the office destined for the Internet are
> not making it to the campus Monowall server, they are hitting the office
> Monowall server and then being routed directly to and from the internet.
> Packets to and from the main campus do travel over the IPSEC tunnel.
> Is this possible with Monowall?
>
AFAIK:
Being able to bind your default route to a dedicated interface would
help, but unfortunately the IPsec implementation in m0n0wall does not use
such a special interface... (NOTE: you may have the same limitation with
other IPsec implementations, not only with racoon/m0n0wall)
In conclusion, only traffic destined to the remote LAN can be routed
through the tunnel.
Cheers,
-- Vincent
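
The behaviour discussed in this thread, modelled as an added example (not part of the original messages): policy-based IPsec selects traffic by source/destination selectors instead of a routed interface, so a packet that matches no selector follows the ordinary default route. The subnets, peer address and function names below are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (not from the thread).
BRANCH_LAN = ipaddress.ip_network("192.168.2.0/24")
CAMPUS_LAN = ipaddress.ip_network("10.0.0.0/16")
CAMPUS_PEER = "198.51.100.1"

@dataclass(frozen=True)
class Policy:
    """One security-policy entry: traffic from src to dst is tunnelled to peer."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    peer: str

# The single policy a LAN-to-LAN tunnel installs on the branch firewall.
SPD = [Policy(BRANCH_LAN, CAMPUS_LAN, CAMPUS_PEER)]

def forward(src, dst, spd=SPD):
    """Return how the branch firewall handles a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in spd:
        # Both selectors must match; there is no tunnel interface to route into.
        if s in p.src and d in p.dst:
            return f"ESP tunnel to {p.peer}"
    # No policy matched: the packet is routed normally, outside the tunnel.
    return "cleartext via default route (WAN)"

def leaks(flows, spd=SPD):
    """List the (src, dst) flows that leave the branch without IPsec protection."""
    return [f for f in flows if not forward(*f, spd=spd).startswith("ESP")]

if __name__ == "__main__":
    sample_flows = [
        ("192.168.2.10", "10.0.5.20"),     # branch host -> campus server
        ("192.168.2.10", "203.0.113.10"),  # branch host -> Internet host
    ]
    for src, dst in sample_flows:
        print(f"{src} -> {dst}: {forward(src, dst)}")
    print("unprotected flows:", leaks(sample_flows))
```
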