[ previous ] [ next ] [ threads ]
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Alen Stimec" <alenstimec at gmail dot com>
 Cc:  "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: VPN found the solution
 Date:  Tue, 13 Dec 2005 18:12:10 +0100
Aaah, now I get it.

The ip was the local subnet (it had nothing todo with outer endpoint

You need NAT to do this and a virtual interface which will run the

IIRC freebsd (or maybe it was under linux) has a dummy interface which
you can assign IP's to it.

For your situation you have to enable nat for your local lan with
destination the remote subnet and with NAT ip the /32 ip


> -----Oorspronkelijk bericht-----
> Van: Alen Stimec [mailto:alenstimec at gmail dot com]
> Verzonden: dinsdag 13 december 2005 18:08
> Aan: Jonathan De Graeve
> CC: m0n0wall at lists dot m0n0 dot ch
> Onderwerp: VPN found the solution
> Hello!
> My LAN is in range
> My Wan Is and ADSL PPoE connection
> As I said I had to Build a VPN to a Site with
> aggressive/des/md5/dh1/preshared key BUT
> The other side wanted me to have a certain IP ( in LAN
> subnet that will open the IPSEC.
> So what I did. I puted another Ethernet Card "OPT1" in the machine,
> plug it in LAN switch/hub, Defined IP settings as the Other IPSEC side
> wanted e.g.
> In IPsec defined:
> Interface: WAN
> Local subnet: single host ( /the IP that they require.
> Remote subnet: 151.x.x.x
> remote gateway: Foo.domain.com
> etc.
> Now if i go to Monowall  and press PING/Traceroute
> and select:
> ping : remote IP 151.x.x.x
> Interface : OPT1
> The tunnel is Established.
> Now. THERE should be an easyest way to do the same thing i did so..
> Basicaly I need if I select in IPSEC "single IP" and put the IP i
> mentioned before ( the tunnel from The LAN cannot be
> established because my LAN is range.
> so far i did the tunell..it works but i would appreciate some more
> help from All out there, pls
> :)
> Alen