 From:  "Damian" <druiz at rochman dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Cc:  <Thorsten dot Ziep at web dot de>, "'Chris Buechler'" <cbuechler at gmail dot com>
 Subject:  RE: [m0n0wall] Ipsec between two opt1 lans
 Date:  Fri, 8 Apr 2005 10:33:17 +0200
> 
> On Apr 7, 2005 9:35 AM, Damian <druiz at rochman dot net> wrote:
> > The Ciscos have the function of linking 10.1.3 and 10.1.4 (two
> > locations about a mile apart) and we don't want to touch anything
> > in that equipment. (First rule: don't touch it if it works.)
> > The m0n0s have the function of LAN control of the wifi
> > equipment, and the question is because I tried without luck to make a
> > connection between all LANs (from a laptop in 10.1.1 to a fileserver
> > in 10.1.4 and vice versa, from a laptop in 10.1.2 to another fileserver
> > in 10.1.3).
> > The primary reason for choosing the tunnel link is to not
> > touch the Ciscos.
> > 
> 
> Solid reasoning.  You should be able to route across though, 
> assuming everything along the line has all the appropriate 
> routes.  (the Ciscos would need to know about both the 
> networks behind m0n0wall in their routing tables)  That's 
> probably the easiest thing to do.  If you can't hit one of 
> them from the other side, setting up a VPN tunnel will be 
> even more frustrating.

Both m0n0s are reachable from each other, and it is normal for my Ciscos
not to know about any routes beyond their own minimal ones.

> Set up firewall rules on the WAN of both m0n0walls to permit 
> ICMP and ping from one m0n0wall to the other in both 
> directions.  If that doesn't work, your Ciscos are likely 
> missing routes.
> 
> Oh, and in this situation you'll likely want to enable 
> advanced outbound NAT so m0n0wall just routes since you have 
> no need for NAT in this scenario.
> 
> -Chris

From the IPsec viewpoint, is there any difference between using the WAN
interfaces or the OPT1 interfaces?
So, if I set up a tunnel between the two OPT1 interfaces (terminating on
them), between the two wireless networks (10.1.2 and 10.1.3), and set the
default gateway on the laptops towards the other networks, could I get the
desired effect of interconnecting all the networks?
In this manner, as far as I know, the laptops will be able to connect to any
host in any network because the m0n0s know every network attached to their
interfaces.

Am I right?