 From:  Markus Fischer <markus at fischer dot name>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSEC and access from complete internal LAN to tunneled subnet
 Date:  Wed, 23 Mar 2005 08:19:39 +0100

I'm so far very pleased with m0n0wall, but couldn't find out this thing. 
I've successfully established an IPSEC tunnel from our 10/8 net to 
another 192.168.x/24 net over the internet. Sending a ping from m0n0wall 
directly to a machine in the tunneled 192 net works, but I'm unable to 
find out how I can from any machine within 10/8 access the 192.168.x/24 

When I ping from 10/8 to a machine in 192.168.x/24 the ping reaches the 
default gateway of m0n0wall which is the gateway of my provider so I 
think I've to somehow tell m0n0wall "all requests from my lan (10/8) to 
the subnet 192.168.x/24 should be sent over the tunnel". Unfortunately I 
can't work out the "should be sent over the tunnel" part. I guess I need 
to set a route somewhere, but I don't know if I need a static route, an 
outbound NAT route, etc.

Here's a short overview of the network

LAN (10/8) - m0n0wall - Internet - other tunnel endpoint - 192.168.x/24

Ping works from m0n0wall -> 192.168.x/24 but not from LAN (10/8) -> 
192.168.x/24. Or any other TCP service.

Any help is very appreciated,

- Markus