 From:  Rick Preston <rickjpreston at gmail dot com>
 To:  Markus Fischer <markus at fischer dot name>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC and access from complete internal LAN to tunneled subnet
 Date:  Wed, 23 Mar 2005 06:55:18 -0500
Hi Markus,

I believe all you need to do is make a firewall rule allowing traffic
from 10/8 to 192.168.x/24.  I had the same thing when I set up my
tunnel to tunnel.


On Wed, 23 Mar 2005 08:19:39 +0100, Markus Fischer <markus at fischer dot name> wrote:
> Hi,
> I'm so far very pleased with m0n0wall, but couldn't find out this thing.
> I've successfully established an IPSEC tunnel from our 10/8 net to
> another 192.168.x/24 net over the internet. Sending a ping from m0n0wall
> directly to a machine in the tunneled 192 net works, but I'm unable to
> find out how I can from any machine within 10/8 access the 192.168.x/24
> net.
> When I ping from 10/8 to a machine in 192.168.x/24 the ping reaches the
> default gateway of m0n0wall which is the gateway of my provider so I
> think I've to somehow tell m0n0wall "all requests from my lan (10/8) to
> the subnet 192.168.x/24 should be sent over the tunnel". Unfortunately I
> can't work out the "should be sent over the tunnel" part. I guess I need
> to set a route somewhere, but I don't know if I need a static route, an
> outbound NAT route, etc.
> Here's a short overview of the network
> LAN (10/8) - m0n0wall - Internet - other tunnel endpoint - 192.168.x/24
> Ping works from m0n0wall -> 192.168.x/24 but not from LAN (10/8) ->
> 192.168.x/24. Or any other TCP service.
> Any help is very appreciated,
> regards,
> - Markus