[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] monowall 2 monowall
 Date:  Thu, 31 Mar 2005 15:19:40 -0500
On Thu, 31 Mar 2005 14:40:06 -0500, JSimoneau at lmtcs dot com
<JSimoneau at lmtcs dot com> wrote:
> Toby,
> So you've got two monowalls, that can be connected together with a
> crossover cable, and you want to do a VPN over that cable?
> Why do a VPN? If you've got two routers and two local subnets that are
> connected by a physical Cat5 cable, just route between the two. No reason
> to make your monowall do all the encryption on either side. VPN can add a
> lot of overhead, especially when we're talking about an embedded system
> like a Soekris or WRAP board.
> Lots of companies have multiple routers and trunks to allow communication
> between subnets. Create a separate subnet for the two OPT ports, and give
> each OPT port on each monowall an ip on those ports. Make sure they can
> ping each other across the OPT interfaces. Then just put in static routes
> on each monowall that essentially say "To go to the private subnet on the
> other monowall, use the IP address on the OPT interfaces".

Agreed.  In most every LAN environment, you don't want to bother with
the overhead and performance hit of IPsec to route between LAN's.