 
 From:  sys read <sysread at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Site to Site IPSEC VPN with multiple LAN Subnets on one side.
 Date:  Wed, 20 Apr 2005 08:36:34 -0700
Hello all,

I'm evaluating m0n0wall for use as our corporate O2O VPN setup. 
Here's the scenario.
 ( BTW, IP addresses are made up, the subnet masking is real )

Corporate has three internal networks:

192.168.3.0/24 
10.1.0.0/22
10.1.12.0/22

   m0n0wall:
     external: 201.52.32.34/27
     internal: 10.1.0.5

Remote site has one internal network:

10.1.128.0/24

    m0n0wall:
        external: 203.123.63.195/24
        internal: 10.1.128.1

I've got the IPSEC tunnel working between the two sites.  I used a
10.1.0.0/17 network supermask to get both 10.1.1.0/22 and 10.1.12.0/22
in the VPN tunnel.  The problem is that I can't get to 192.168.3.0 no
matter what I do.  I've read FAQ 13.30 (
http://m0n0.ch/wall/docbook/faq-ipsec-multiple-subnets.html ) and it
doesn't really help ( well, it doesn't give enough specifics ).  I
can't summarize the 192.168.3.0/24 subnet into 10.1.0.0/17 ( which I
did for the other two networks ).  I've tried 13.30.2, but every
incantation fails.   I've also tried adding static routes, but to no
avail.  Has anyone done this before?

Thanks

-sysread
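
An added example, not part of the original post: Python's `ipaddress` module used to work out which of the corporate networks listed above can share one summary prefix without overlapping the remote 10.1.128.0/24, and which need a local/remote subnet pair of their own. The function names are hypothetical, and treating "summary must not overlap the remote network" as the merge rule is an assumption of this sketch.

```python
import ipaddress

def covering_supernet(nets):
    """Return the smallest single prefix containing every network in nets."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the prefix by one bit
    return candidate

def group_local_networks(local, remote):
    """Greedily merge local networks into summary prefixes.

    A merge is rejected when the resulting summary would overlap the
    remote network, because that prefix could not describe only the
    local side of the tunnel.
    Returns a list of (summary_prefix, [member networks]).
    """
    remote = ipaddress.ip_network(remote)
    groups = []
    for net in sorted(ipaddress.ip_network(n) for n in local):
        for members in groups:
            summary = covering_supernet(members + [net])
            if not summary.overlaps(remote):
                members.append(net)
                break
        else:
            groups.append([net])  # no existing group can absorb it
    return [(covering_supernet(m), m) for m in groups]

# Addresses as given in the post (the poster notes they are made up).
LOCAL = ["192.168.3.0/24", "10.1.0.0/22", "10.1.12.0/22"]
REMOTE = "10.1.128.0/24"

if __name__ == "__main__":
    for summary, members in group_local_networks(LOCAL, REMOTE):
        print(summary, "<->", REMOTE, "covers", [str(m) for m in members])
    # The /17 used in the post is wider than the tightest summary but
    # still stops short of the remote /24.
    wide = ipaddress.ip_network("10.1.0.0/17")
    print(wide, "overlaps remote:", wide.overlaps(ipaddress.ip_network(REMOTE)))
```

The two 10.1.x.x networks collapse into 10.1.0.0/20, while the only prefix that would also cover 192.168.3.0/24 is 0.0.0.0/0, which overlaps the remote site, so that network ends up in a group of its own.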