[ previous ] [ next ] [ threads ]
 
 From:  Alen Stimec <alenstimec at gmail dot com>
 To:  Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: VPN found the solution
 Date:  Tue, 13 Dec 2005 19:28:23 +0200
Thanks for the prompt reply..

I dont understand a word of what i have to do...do you still talk
about m0n0 or i have to switch to some other firewall?

thanks
Alen


2005/12/13, Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>:
> Aaah, now I get it.
>
> The ip was the local subnet (it had nothing todo with outer endpoint
> etc....)
>
> You need NAT to do this and a virtual interface which will run the
> 10.126.33.33
>
> IIRC freebsd (or maybe it was under linux) has a dummy interface which
> you can assign IP's to it.
>
> For your situation you have to enable nat for your local lan with
> destination the remote subnet and with NAT ip the /32 ip
>
> J.
>
> > -----Oorspronkelijk bericht-----
> > Van: Alen Stimec [mailto:alenstimec at gmail dot com]
> > Verzonden: dinsdag 13 december 2005 18:08
> > Aan: Jonathan De Graeve
> > CC: m0n0wall at lists dot m0n0 dot ch
> > Onderwerp: VPN found the solution
> >
> > Hello!
> >
> > My LAN is in 10.1.1.0/24 range
> > My Wan Is and ADSL PPoE connection
> >
> > As I said I had to Build a VPN to a Site with
> > aggressive/des/md5/dh1/preshared key BUT
> > The other side wanted me to have a certain IP (10.125.3.33/32) in LAN
> > subnet that will open the IPSEC.
> >
> > So what I did. I puted another Ethernet Card "OPT1" in the machine,
> > plug it in LAN switch/hub, Defined IP settings as the Other IPSEC side
> > wanted e.g. 10.125.3.33/24
> >
> > In IPsec defined:
> > Interface: WAN
> > Local subnet: single host (10.126.33.33) /the IP that they require.
> > Remote subnet: 151.x.x.x
> > remote gateway: Foo.domain.com
> > etc.
> >
> > Now if i go to Monowall  and press PING/Traceroute
> > and select:
> > ping : remote IP 151.x.x.x
> > Interface : OPT1
> > The tunnel is Established.
> >
> > Now. THERE should be an easyest way to do the same thing i did so..
> > Basicaly I need if I select in IPSEC "single IP" and put the IP i
> > mentioned before (10.126.33.33) the tunnel from The LAN cannot be
> > established because my LAN is 10.1.1.0/24 range.
> >
> >
> > so far i did the tunell..it works but i would appreciate some more
> > help from All out there, pls
> >
> > :)
> > Alen
> >
>
>
>


--
----------------------
Alen Stimec
++306942694107