 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] monowall 2 monowall
 Date:  Thu, 31 Mar 2005 15:19:40 -0500
On Thu, 31 Mar 2005 14:40:06 -0500, JSimoneau at lmtcs dot com
<JSimoneau at lmtcs dot com> wrote:
> Toby,
> 
> So you've got two monowalls, that can be connected together with a
> crossover cable, and you want to do a VPN over that cable?
> 
> Why do a VPN? If you've got two routers and two local subnets that are
> connected by a physical Cat5 cable, just route between the two. No reason
> to make your monowall do all the encryption on either side. VPN can add a
> lot of overhead, especially when we're talking about an embedded system
> like a Soekris or WRAP board.
> 
> Lots of companies have multiple routers and trunks to allow communication
> between subnets. Create a separate subnet for the two OPT ports, and give
> each OPT port on each monowall an IP on those ports. Make sure they can
> ping each other across the OPT interfaces. Then just put in static routes
> on each monowall that essentially say "To go to the private subnet on the
> other monowall, use the IP address on the OPT interfaces".
> 

Agreed.  In most every LAN environment, you don't want to bother with
the overhead and performance hit of IPsec to route between LANs.

-Chris
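
The routed setup described in the quoted message, as an added example that is not part of the original thread: a short Python check that the two OPT addresses share one dedicated subnet, that no subnets overlap, and which static route each box needs. The router names and all addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def plan_link(site_a, site_b):
    """Validate a two-router routed link and derive each side's static route.

    Each site is a dict: name, lan (CIDR), opt (OPT address with prefix length).
    Returns (problems, routes); routes maps router name -> (destination, gateway).
    """
    opt_a = ipaddress.ip_interface(site_a["opt"])
    opt_b = ipaddress.ip_interface(site_b["opt"])
    lan_a = ipaddress.ip_network(site_a["lan"])
    lan_b = ipaddress.ip_network(site_b["lan"])

    problems = []
    # Both OPT ports must sit in one dedicated subnet or they cannot ping each other.
    if opt_a.network != opt_b.network:
        problems.append("OPT addresses are in different subnets")
    elif opt_a.ip == opt_b.ip:
        problems.append("OPT addresses are identical")

    # The two LANs and the link subnet must not overlap, or routing is ambiguous.
    named = [("LAN " + site_a["name"], lan_a), ("LAN " + site_b["name"], lan_b),
             ("OPT link", opt_a.network)]
    for (n1, net1), (n2, net2) in combinations(named, 2):
        if net1.overlaps(net2):
            problems.append(f"{n1} overlaps {n2}")

    # Static route on each box: remote LAN via the *other* box's OPT address.
    routes = {
        site_a["name"]: (str(lan_b), str(opt_b.ip)),
        site_b["name"]: (str(lan_a), str(opt_a.ip)),
    }
    return problems, routes


# Constructed sample addressing, not taken from the thread.
GOOD = ({"name": "mono1", "lan": "192.168.1.0/24", "opt": "10.255.0.1/30"},
        {"name": "mono2", "lan": "192.168.2.0/24", "opt": "10.255.0.2/30"})
BAD = ({"name": "mono1", "lan": "192.168.1.0/24", "opt": "10.255.0.1/30"},
       {"name": "mono2", "lan": "192.168.1.0/24", "opt": "10.255.1.2/30"})

if __name__ == "__main__":
    for pair in (GOOD, BAD):
        problems, routes = plan_link(*pair)
        print(problems or "ok", routes)
```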