 From:  "Michael Iedema" <iedemam at pluto dot dsu dot edu>
 To:  <pacneil at linuxgeek dot net>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] ipsec over wireless route
 Date:  Thu, 18 Dec 2003 21:11:04 -0600
Neil,
I've set up a link similar to this.  It was to allow filesharing between
two houses without depending on our ISP's speed.

Are you configuring your far end to have the WLAN as the WAN port?  This
is the best way I came up with.

Each house has 2 m0n0wall boxes, one for an internet connection, and one
on the roof to beam over to the other house.  The gateway m0n0wall boxes
have static routes pointing to the other person's LAN with the next hop
being the roof.

Each rooftop box (4511's) is configured with SIS0=LAN, WI0=WAN.  An
IPSEC tunnel is configured between these two boxes' WAN interface.

Crude Art:

       (LAN1)                          (LAN2)
      ROOFTOP1  ~~~~~~~~~~~~~~~~~~~~  ROOFTOP2
        /  \                            /  \
       /    \                          /    \
    LAN      \                      LAN      \
192.168.0.200 \                 192.168.2.200 \
               WAN 192.168.50.1                WAN 192.168.50.2

LAN1
GATEWAY = 192.168.0.1
ST.RT.  = 192.168.2.0/24 -> 192.168.0.200
ST.RT.  = 192.168.50.0/24 -> 192.168.0.200

LAN2
GATEWAY = 192.168.2.1
ST.RT.  = 192.168.0.0/24 -> 192.168.2.200
ST.RT.  = 192.168.50.0/24 -> 192.168.2.200


I know this explanation is more about my setup than helping you with
yours, but it may lead you in the right direction...maybe.

E-mail me back if you have any questions and I can go into more detail
once I figure out what you've done.

--Michael I.

> -----Original Message-----
> From: Neil Schneider [mailto:pacneil at linuxgeek dot net] 
> Sent: Thursday, December 18, 2003 6:12 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] ipsec over wireless route
> 
> 
> 
> Well being courteous and giving props to Manuel got me zero answers. Maybe
> I should get nasty and curse! :) I hope I get some response this time,
> that at least indicates my mail is going out. Even if it's to tell me what
> a stupid idiot I am. :)
> 
> I'm trying to configure a wireless connection to carry ipsec. I have two
> Soekris N4501 with Netgate EL-2511MP PLUS Mini PCI cards. I know they're
> communicating and I have successfully set up routing and had everything
> working between them. Now I try to implement ipsec.
> 
> I'll call the two machines "Hub" and "Satellite" for simplicity. Satellite
> has only a wireless connection, which is going to route through Hub. From
> looking at the logs and messing with the configuration it seems that Hub
> wants to find Satellite's route through its default route instead of the
> wireless interface. This confuses me because the "netstat -rn" shows that
> Hub has a route to Satellite. Why would it want to set up its tunnel
> through the default route when Satellite's route is known? Is there some
> built-in assumption that all tunnels will go through the default route, or
> is there an option I'm missing?
> 
> Here's a crude ASCII drawing:
> 
>                            Hub           Satellite
>                            |_|---- WLAN ----|_|
>                            / \                \
>                           /   \                \
>                          LAN  WAN               LAN
> 
> 
> -- 
> Neil Schneider                              pacneil_at_linuxgeek_dot_net
>                                            http://www.paccomp.com
> Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D
> 
> Clothes make the man. Naked people have little or no influence on society.
> -- Mark Twain
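
The static routes listed in the reply above, walked hop by hop with a longest-prefix-match lookup. This is an added example, not part of the original message: the box names GW1/GW2/ROOF1/ROOF2, the "ISP" default routes, the rooftop boxes' tunnel entries and the host address 192.168.2.10 are assumptions.

```python
import ipaddress

# Routes and addresses come from the message above. The "ISP" default routes
# and the rooftop "ipsec:" entries (LAN-to-LAN traffic tunnelled to the peer's
# WAN address) are assumptions added for this example.
TABLES = {
    "GW1": {"192.168.0.0/24": "direct", "192.168.2.0/24": "192.168.0.200",
            "192.168.50.0/24": "192.168.0.200", "0.0.0.0/0": "ISP"},
    "ROOF1": {"192.168.0.0/24": "direct", "192.168.50.0/24": "direct",
              "192.168.2.0/24": "ipsec:192.168.50.2"},
    "ROOF2": {"192.168.2.0/24": "direct", "192.168.50.0/24": "direct",
              "192.168.0.0/24": "ipsec:192.168.50.1"},
    "GW2": {"192.168.2.0/24": "direct", "192.168.0.0/24": "192.168.2.200",
            "192.168.50.0/24": "192.168.2.200", "0.0.0.0/0": "ISP"},
}
# Which box owns each next-hop address.
OWNER = {"192.168.0.200": "ROOF1", "192.168.50.1": "ROOF1",
         "192.168.2.200": "ROOF2", "192.168.50.2": "ROOF2"}

def next_hop(box, dst, tables=TABLES):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(p), hop) for p, hop in tables[box].items()]
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def trace(box, dst, tables=TABLES):
    """Follow next hops from `box` toward `dst` and return the path taken."""
    path = [box]
    for _ in range(8):  # hop limit guards against a routing loop
        hop = next_hop(box, dst, tables)
        if hop in ("direct", "ISP", "unreachable"):
            return path + [hop]
        box = OWNER[hop.split(":")[-1]]
        path.append(box + (" (via IPsec)" if hop.startswith("ipsec:") else ""))
    return path + ["loop"]

def without_route(box, prefix):
    """Copy of TABLES with one route removed, to show the fallback."""
    tables = {name: dict(routes) for name, routes in TABLES.items()}
    del tables[box][prefix]
    return tables

if __name__ == "__main__":
    print(trace("GW1", "192.168.2.10"))   # LAN1 -> LAN2 through the tunnel
    print(trace("GW1", "192.168.50.2"))   # peer WAN address: outside the policy
    print(trace("GW1", "192.168.2.10", without_route("GW1", "192.168.2.0/24")))
```

With the 192.168.2.0/24 route removed from GW1, the lookup falls through to the default route and the traffic heads for the ISP instead of the rooftop box. Under the assumed LAN-to-LAN policy, traffic addressed to the 192.168.50.0/24 link itself crosses the wireless hop outside the tunnel.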