Re: [m0n0wall] IPsec WLAN to WAN without LAN access

From:	"Bjoern Euler (lists at edain)" <lists at edain dot de>
To:	m0n0wall at lists dot m0n0 dot ch
Cc:	"Bob ." <tempuserone at yahoo dot com>
Subject:	Re: [m0n0wall] IPsec WLAN to WAN without LAN access
Date:	Wed, 14 Dec 2005 21:18:29 +0100

Bob . wrote:
> My questions revolve around the fact that I do not want to have WLAN / LAN connectivity. So ..

Hi,

to protect your wlan and get access to the internet through IPSec you 
would use 0.0.0.0/0 on m0n0wall side as "Local subnet" and the same as 
"Server subnet" on TauVPN side.

But the problem is that you cannot exclude your LAN subnet from this 
configuration.
Even filtering for traffic to "LAN Subnet" that comes from the IPSec 
tunnel currently does not work with m0n0wall, see 
http://www.m0n0.ch/wall/list/showmsg.php?id=173/07

If you do not need Lan Subnet access I would suggest using WPA and MAC 
filter for securing your WLAN and doing the filtering on m0n0wall like 
you do now on DMZ interface.

Regards

-Bjoern Euler