 From:  Vincent Fleuranceau <vincent at bikost dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Private site to site IPSEC VPN
 Date:  Sat, 05 Feb 2005 11:10:33 +0100
> Hello all
> Is it possible to create a private site to site IPSEC VPN over the 
> internet between two points with Monowall? We are trying to route all 
> packets from a small branch office over a VPN on the internet to a main 
> campus regardless of the destination, emulating a point to point link. 
> We are using a DSL link for the office and a dedicated Internet connection 
> for the main campus. Using 1.2b3 we created a tunnel between the two 
> locations but any packets from the office destined for the Internet are 
> not making it to the campus Monowall server; they are hitting the office 
> Monowall server and then being routed directly to and from the internet. 
> Packets to and from the main campus do travel over the IPSEC tunnel.
> Is this possible with Monowall?


Being able to bind your default route to a dedicated interface would
help, but unfortunately the IPsec implementation in m0n0wall does not use
such a special interface... (NOTE: you may have the same limitation with
other IPsec implementations, not only with racoon/m0n0wall)

In conclusion, only traffic destined for the remote LAN can be routed
through the tunnel.


-- Vincent
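
The behaviour described in this reply, as an added example that is not part of the original message and not m0n0wall or racoon code: a small model of policy-based IPsec selection, where a packet is sent into the tunnel only if its source and destination match the tunnel's subnet pair and everything else follows the ordinary default route. The subnets, peer name, sample flows and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelPolicy:
    """One policy-based tunnel: traffic is selected by a src/dst subnet pair."""
    local_net: ipaddress.IPv4Network
    remote_net: ipaddress.IPv4Network
    peer: str


# Constructed addressing (assumption, not taken from the thread).
OFFICE_LAN = ipaddress.ip_network("192.168.2.0/24")
CAMPUS_LAN = ipaddress.ip_network("192.168.1.0/24")
POLICIES = [TunnelPolicy(OFFICE_LAN, CAMPUS_LAN, peer="campus-gw")]


def egress_path(src: str, dst: str, policies=POLICIES) -> str:
    """Return where the office firewall sends a packet.

    There is no tunnel interface to point a route at, so the decision is
    purely a selector match; unmatched packets use the WAN default route.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local_net and d in p.remote_net:
            return f"ipsec:{p.peer}"
    return "wan:default-route"


def flows_outside_tunnel(flows, policies=POLICIES):
    """List the flows that leave unencrypted via the local Internet link."""
    return [f for f in flows if egress_path(*f, policies).startswith("wan:")]


# Constructed sample flows from an office host.
SAMPLE_FLOWS = [
    ("192.168.2.20", "192.168.1.5"),    # office -> campus LAN
    ("192.168.2.20", "203.0.113.10"),   # office -> Internet host
    ("192.168.2.21", "198.51.100.7"),   # office -> Internet host
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src} -> {dst}: {egress_path(src, dst)}")
    print("outside tunnel:", flows_outside_tunnel(SAMPLE_FLOWS))
```

Running the same check against a list of flows you expect to be protected shows which ones would exit through the branch office's own Internet link instead of the tunnel.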