 From:  JSimoneau at lmtcs dot com
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] monowall 2 monowall
 Date:  Thu, 31 Mar 2005 14:40:06 -0500
Toby,

So you've got two monowalls that can be connected together with a
crossover cable, and you want to do a VPN over that cable?

Why do a VPN? If you've got two routers and two local subnets that are
connected by a physical Cat5 cable, just route between the two. No reason
to make your monowall do all the encryption on either side. VPN can add a
lot of overhead, especially when we're talking about an embedded system
like a Soekris or WRAP board.

Lots of companies have multiple routers and trunks to allow communication
between subnets. Create a separate subnet for the two OPT ports, and give
each OPT port on each monowall an IP on those ports. Make sure they can
ping each other across the OPT interfaces. Then just put in static routes
on each monowall that essentially say "To go to the private subnet on the
other monowall, use the IP address on the OPT interfaces".

If this is unclear, let me know!

Regards,
Josh Simoneau

-----Original Message-----
From: bob bobson [mailto:athletesfoot80 at hotmail dot com] 
Sent: Thursday, March 31, 2005 12:15 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] monowall 2 monowall

I have two networks and routers on separate ADSL lines. Now I can use mono
to mono VPN which goes out through one ADSL line then back into the other
ADSL line (both have static public IPs). Both networks behind the
monowalls are located in the same building.

My question is that could it be possible to do the VPN using the OPT1
interfaces between the VPN networks using a crossover cable, the
advantage being that the VPN would go over a LAN speed line.
What static routes and firewall rules would I require if this is possible,
as I understand that when you set up a VPN rule using the WAN interface
these are all added automatically and not viewable from the GUI.

If this configuration is not possible would it be possible to put one
switch between both WAN interfaces of the monowalls and assign IP aliases
(192's etc) to these WAN interfaces and VPN on these aliases.

I hope this makes sense, and is possible as this could really help out the
messy two networks on one physical segment problem.

Toby Seed
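
Added example, not part of the original thread: a Python sketch that checks the addressing plan the reply describes (a separate subnet for the OPT link, LANs that do not overlap) and derives the static route each monowall needs. The site names, subnets and dictionary layout are constructed for illustration and are not m0n0wall's configuration format; traffic on the OPT link is routed unencrypted, as the reply proposes.

```python
import ipaddress

def plan_routes(site_a, site_b):
    """Validate the OPT transit plan and return one static route per site."""
    a_if = ipaddress.ip_interface(site_a["opt"])
    b_if = ipaddress.ip_interface(site_b["opt"])
    a_lan = ipaddress.ip_network(site_a["lan"])
    b_lan = ipaddress.ip_network(site_b["lan"])

    # Both OPT ports must sit in the same dedicated subnet to ping each other.
    if a_if.network != b_if.network:
        raise ValueError("OPT interfaces are not in the same transit subnet")
    if a_if.ip == b_if.ip:
        raise ValueError("OPT interfaces need distinct addresses")
    for iface in (a_if, b_if):
        if iface.ip not in iface.network.hosts():
            raise ValueError(f"{iface} is not a usable host address")

    # Routing only works if each destination prefix is unambiguous.
    if a_lan.overlaps(b_lan):
        raise ValueError("LAN subnets overlap; renumber one side first")
    for lan in (a_lan, b_lan):
        if lan.overlaps(a_if.network):
            raise ValueError(f"transit subnet overlaps LAN {lan}")

    # "To reach the other LAN, use the other monowall's OPT address."
    return {
        site_a["name"]: {"interface": "OPT1", "network": str(b_lan),
                         "gateway": str(b_if.ip)},
        site_b["name"]: {"interface": "OPT1", "network": str(a_lan),
                         "gateway": str(a_if.ip)},
    }

# Constructed sample plan (hypothetical addresses).
SITE_A = {"name": "mono-a", "lan": "192.168.1.0/24", "opt": "10.255.0.1/30"}
SITE_B = {"name": "mono-b", "lan": "192.168.2.0/24", "opt": "10.255.0.2/30"}

if __name__ == "__main__":
    for name, route in plan_routes(SITE_A, SITE_B).items():
        print(f"{name}: {route['network']} via {route['gateway']} "
              f"on {route['interface']}")
```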
