 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Chris Buechler" <cbuechler at gmail dot com>, "sys read" <sysread at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: [m0n0wall] Site to Site IPSEC VPN with multiple LAN Subnets on one side.
 Date:  Thu, 21 Apr 2005 08:29:55 +0200
Ok, I have done something similar to that. Here is how it goes:

On each side create 3 identifiers for the tunnel endpoints.
(you'll need 3 parallel tunnels for that setup)
identifier: subnet1, secret: secret1
identifier: subnet2, secret: secret2
identifier: subnet3, secret: secret3

create the first tunnel between both m0n0s like you did but use identifier subnet1 on both sides
with its secret.
Local net on corporate side is, remote is
Be sure to use "aggressive mode" as main mode won't work for identifiers other than your static IP.

Create the second tunnel between both m0n0s, exactly the same way, but using identifier subnet2 now.
Local net on corporate side is now, remote is still

The third tunnel should look like this: identifier subnet3, local on corporate, remote

(by the way, if subnet 3 for example can't be reached directly by the m0n0 at the corporate side
using a static route on corporate m0n0 with the appropriate gateway will make it reachable too).

Apply everything and all tunnels should come up when needed.

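Here is an added example of the plan Holger describes, written in Python for this page rather than taken from the thread or from m0n0wall: given the corporate subnets it emits one tunnel per subnet (or, as a generalization of the supernetting trick sys read used for two of the networks, one per summarized CIDR block) with a distinct identifier, a distinct random pre-shared key, and aggressive mode whenever the identifier is not the gateway's static address, and it lists the subnets that will need a static route on the corporate m0n0. All addresses and the "site-subnetN" identifier scheme are constructed for the example. One caveat for the defensive side: aggressive mode sends the identifier in the clear and exposes a PSK-derived hash to offline guessing, which is why the example makes each tunnel's secret long and random rather than the "secret1/secret2" placeholders above.

```python
"""Plan parallel IPsec site-to-site tunnels, one per local subnet (or per
summarized block): each tunnel gets its own Phase 1 identifier and
pre-shared secret, aggressive mode is required when the identifier is not
the gateway's static IP, and subnets not attached to the gateway need a
static route.  Added example, not m0n0wall code; addresses are constructed."""
import ipaddress
import secrets
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Tunnel:
    identifier: str     # Phase 1 identifier; must be unique per parallel tunnel
    secret: str         # Phase 1 pre-shared key; unique per tunnel
    mode: str           # Phase 1 exchange mode: "aggressive" or "main"
    local_subnet: str   # Phase 2 local network selector
    remote_subnet: str  # Phase 2 remote network selector


def phase1_mode(identifier: str, static_ip: str) -> str:
    """Main mode matches peers only by their static IP address, so any other
    identifier (needed to run several tunnels in parallel) forces aggressive."""
    return "main" if identifier == static_ip else "aggressive"


def summarize(nets):
    """Collapse adjacent or contained networks into the fewest CIDR blocks."""
    return sorted(ipaddress.collapse_addresses(nets))


def unreachable_locally(local_subnets, attached_nets):
    """Local subnets not inside any network attached to the gateway; these
    need a static route on the gateway before the tunnel can carry them."""
    attached = [ipaddress.ip_network(a) for a in attached_nets]
    return [s for s in local_subnets
            if not any(ipaddress.ip_network(s).subnet_of(a) for a in attached)]


def plan_tunnels(local_subnets, remote_subnet, static_ip,
                 summarize_locals=True, label="site"):
    """Return one Tunnel per Phase 2 selector (summarized or not)."""
    locals_ = [ipaddress.ip_network(s) for s in local_subnets]
    remote = ipaddress.ip_network(remote_subnet)
    for n in locals_:
        if n.overlaps(remote):  # routing would be ambiguous on both sides
            raise ValueError(f"remote {remote} overlaps local {n}")
    selectors = summarize(locals_) if summarize_locals else sorted(locals_)
    tunnels = []
    for i, net in enumerate(selectors, start=1):
        ident = f"{label}-subnet{i}"          # hypothetical naming scheme
        tunnels.append(Tunnel(
            identifier=ident,
            secret=secrets.token_urlsafe(32),  # 256-bit random PSK per tunnel
            mode=phase1_mode(ident, static_ip),
            local_subnet=str(net),
            remote_subnet=str(remote),
        ))
    return tunnels


def validate_plan(tunnels):
    """Reject duplicate identifiers/secrets and overlapping local selectors."""
    ids = [t.identifier for t in tunnels]
    secs = [t.secret for t in tunnels]
    if len(set(ids)) != len(ids):
        raise ValueError("duplicate Phase 1 identifier")
    if len(set(secs)) != len(secs):
        raise ValueError("duplicate pre-shared secret")
    nets = [ipaddress.ip_network(t.local_subnet) for t in tunnels]
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            raise ValueError(f"local selectors {a} and {b} overlap")
    return True


if __name__ == "__main__":
    # Constructed sample: two summarizable corporate subnets plus one that
    # is not, and a single remote subnet (all made up, like in the thread).
    corporate = ["10.1.0.0/24", "10.1.1.0/24", "192.168.50.0/24"]
    plan = plan_tunnels(corporate, "172.16.0.0/24", "203.0.113.10")
    validate_plan(plan)
    for t in plan:
        print(f"{t.identifier}: {t.mode} mode, {t.local_subnet} <-> {t.remote_subnet}")
    print("needs static route:", unreachable_locally(corporate, corporate[:2]))
```

With summarization on, the two adjacent /24s become a single /23 tunnel and the third subnet gets its own; with summarize_locals=False the script produces exactly the three tunnels Holger describes. The generated secrets should be copied into both m0n0walls as the pre-shared key for the matching identifier.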

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Thursday, 21 April 2005 07:46
To: sys read
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Site to Site IPSEC VPN with multiple LAN Subnets on one side.

On 4/20/05, sys read <sysread at gmail dot com> wrote:
> Hello all,
> I'm evaluating m0n0wall for use as our corporate O2O VPN setup.
> Here's the scenario.
> ( BTW, IP addresses are made up, the subnet masking is real )
> Corporate has three internal networks:
>   m0n0wall:
>     external:
>     internal:
> Remote site has one internal network:
>    m0n0wall:
>        external:
>        internal:
> I've got the IPSEC tunnel working between the two sites.  I used a
> network supermask to get both and
> in the VPN tunnel.  The problem is that I can't get to no
> matter what I do.  I've read FAQ 13.30 (
> http://m0n0.ch/wall/docbook/faq-ipsec-multiple-subnets.html ) and it
> doesn't really help ( well, it doesn't give enough specifics ).  I
> can't summarize the subnet into ( which I
> did for the other two networks ).  I've tried 13.30.2, but every
> incantation fails.   

Others have used the method in 13.30.2, which is why I added it.  I
haven't tried it myself, but I know there is more than one person out
there using a setup as described there.  I know it's light on details,
simply because I've never tried it myself (it's on my list of things
to try out).

Maybe someone that has this setup successfully can comment further. 
Those of you that are running similar setups, I'd like to know how you
have it set up for the sake of clarifying that FAQ (email me off

