On 4/20/05, sys read <sysread at gmail dot com> wrote:
> Hello all,
>
> I'm evaluating m0n0wall for use as our corporate O2O VPN setup.
> Here's the scenario.
> ( BTW, IP addresses are made up, the subnet masking is real )
>
> Corporate has three internal networks:
>
> 192.168.3.0/24
> 10.1.0.0/22
> 10.1.12.0/22
>
> m0n0wall:
> external: 201.52.32.34/27
> internal: 10.1.0.5
>
> Remote site has one internal network:
>
> 10.1.128.0/24
>
> m0n0wall:
> external: 203.123.63.195/24
> internal: 10.1.128.1
>
> I've got the IPSEC tunnel working between the two sites. I used a
> 10.1.0.0/17 network supermask to get both 10.1.1.0/22 and 10.1.12.0/22
> in the VPN tunnel. The problem is that I can't get to 192.168.3.0 no
> matter what I do. I've read FAQ 13.30 (
> http://m0n0.ch/wall/docbook/faq-ipsec-multiple-subnets.html ) and it
> doesn't really help ( well, it doesn't give enough specifics ). I
> can't summarize the 192.168.3.0/24 subnet into 10.1.0.0/17 ( which I
> did for the other two networks ). I've tried 13.30.2, but every
> incantation fails.

Others have used the method in 13.30.2, which is why I added it. I
haven't tried it myself, but I know there is more than one person out
there using a setup as described there. I know it's light on details,
simply because I've never tried it myself (it's on my list of things
to try out).

Maybe someone that has this setup successfully can comment further.
Those of you that are running similar setups, I'd like to know how you
have it set up for the sake of clarifying that FAQ (email me off
list).

-Chris
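
An added example, not part of either message: a Python check of the subnet arithmetic in the quoted scenario, using the made-up addresses from the post. It shows which corporate networks the 10.1.0.0/17 local subnet covers, and why no single prefix can also take in 192.168.3.0/24 without overlapping the remote site. The function names are this example's own.

```python
import ipaddress

# Addresses from the quoted message (the poster notes they are made up).
LOCAL_NETS = ["192.168.3.0/24", "10.1.0.0/22", "10.1.12.0/22"]
REMOTE_NET = "10.1.128.0/24"
TUNNEL_LOCAL = "10.1.0.0/17"  # single local subnet used for the tunnel


def coverage(tunnel, local_nets):
    """Map each local network to True if the tunnel's local subnet contains it."""
    t = ipaddress.ip_network(tunnel)
    return {n: ipaddress.ip_network(n).subnet_of(t) for n in local_nets}


def smallest_common_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    nets = [ipaddress.ip_network(n) for n in nets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one bit; stops at /0
    return candidate


def overlaps_remote(prefix, remote):
    """True if a proposed local prefix collides with the remote network."""
    return ipaddress.ip_network(prefix).overlaps(ipaddress.ip_network(remote))


if __name__ == "__main__":
    for net, ok in coverage(TUNNEL_LOCAL, LOCAL_NETS).items():
        print(f"{net:18} inside {TUNNEL_LOCAL}: {ok}")

    ten_only = smallest_common_supernet(LOCAL_NETS[1:])
    print("tightest prefix for the two 10.1.x networks:", ten_only)

    everything = smallest_common_supernet(LOCAL_NETS)
    print("tightest prefix for all three networks:", everything)
    print("  overlaps remote site:", overlaps_remote(everything, REMOTE_NET))
```

The two 10.1.x networks fit in a /20, so the /17 already selects more address space for the tunnel than those networks need, and the only single prefix covering all three networks is 0.0.0.0/0, which also contains the remote site.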