Your problem is the typical configuration and it is really easy to set up.
If you don't do anything, all the computers behind a m0n0 can go to the
internet using the connection on the "WAN" port. If you define one or more
tunnels between the two buildings, including all your private networks, then
when you start trying to reach any of the nets at the other side of the
tunnel, m0n0 brings up the required tunnel and starts using it. All the rest
of the traffic continues going out through the WAN port and, if you are
using it, the NAT translation.
One important thing: if in any of the networks you have defined a default
gateway other than the m0n0wall, you need to declare on it the route for
the other building, using the m0n0 to reach it.
> -----Original Message-----
> From: Christophe De Coninck [mailto:god8y at rds dash clan dot be]
> Sent: Thursday, May 05, 2005 1:30 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] IPSEC tunnel questions
> Soon I will have a second m0n0wall in another building in the
> city and I was wondering if I can combine the two m0n0walls
> together through an IPsec tunnel. I'm sure this part will
> work, but the next things I want might be a bit hard or
> unrealisable: I want to surf through the internet of the
> m0n0wall from the building itself (not going through the tunnel for
> surfing) and I was also wondering if it would be possible
> when using the tunnel to access the whole internal network
> behind the m0n0wall.
> If there's something missing to answer my questions, just ask
> what you want and I will be willing to answer them as soon as I can.
> Christophe De Coninck | Zarek K
> mailto: info at zarekk dot be mailto: god8y at rds dash clan dot be
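
Added example (not part of either message, and not m0n0wall code): a small Python model of the behaviour the reply describes, where traffic matching a tunnel's local and remote subnets goes over IPsec and everything else leaves through WAN with NAT. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
LAN_A = ipaddress.ip_network("192.168.1.0/24")    # building A, behind m0n0wall A
LAN_A2 = ipaddress.ip_network("10.10.0.0/24")     # second private net in building A
LAN_B = ipaddress.ip_network("192.168.2.0/24")    # building B, behind m0n0wall B
M0N0_A = ipaddress.ip_address("192.168.1.1")      # LAN address of m0n0wall A

# Each tunnel is a (local subnet, remote subnet) pair, as entered on m0n0wall A.
TUNNELS = [(LAN_A, LAN_B)]


def egress(src, dst, tunnels=TUNNELS):
    """Path m0n0wall A picks for a packet: 'ipsec' or 'wan-nat'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in tunnels:
        # Only traffic whose source AND destination fall inside a tunnel's
        # subnets is encrypted; everything else follows the default route.
        if s in local and d in remote:
            return "ipsec"
    return "wan-nat"


def uncovered(private_nets, tunnels=TUNNELS):
    """Private networks that no tunnel lists as a local subnet."""
    return [str(n) for n in private_nets
            if not any(n.subnet_of(local) for local, _ in tunnels)]


def static_routes(default_gw, firewall=M0N0_A, tunnels=TUNNELS):
    """Routes (destination, next hop) to declare on a default gateway that
    is not the m0n0wall, so traffic for the other building reaches it."""
    if ipaddress.ip_address(default_gw) == firewall:
        return []
    return [(str(remote), str(firewall)) for _, remote in tunnels]


if __name__ == "__main__":
    print(egress("192.168.1.20", "192.168.2.30"))   # destination in remote LAN
    print(egress("192.168.1.20", "198.51.100.7"))   # destination on the internet
    print(egress("10.10.0.5", "192.168.2.30"))      # source net missing from tunnel
    print(uncovered([LAN_A, LAN_A2]))
    print(static_routes("192.168.1.254"))
```

A private network left out of the tunnel definition shows up in `uncovered()`, and its traffic for the other building is not sent through the tunnel.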