dave at rodrig dot com wrote:

>maybe it's just late, but I lost you about halfway through (I've read it
>several times...)
>
>At first it seems like you're trying to go into your LAN (from the DMZ),
>then it seems as if you're talking about the other direction....a diagram
>might help.

No, I re-read my message, and it's certainly NOT clear. I guess it was late when I wrote it. :-) Let me start again.

I have an Optional interface that I want to be able to go through my VPN (which is IPSEC) to another location. It is on a separate subnet from my LAN (192.168.2.1), and the VPN is set up to establish from my LAN subnet to the other internal subnet (192.168.1.1) at a different location.

Now, I've tried setting up an additional VPN from the Opt subnet (192.168.100.1) to the network on the other side, and racoon seems to just ignore it. It never tries to establish at all. Maybe there is a limitation on how many tunnels can go to a single location?

That being the case, I tried to route traffic to the remote subnet from my Opt1 subnet through the LAN interface. This is where the problem comes in. If I put in a route that says: If from Opt interface, destined for the 192.168.1.0/24 network, go through 192.168.2.1, it doesn't work. I didn't really expect it to, but thought I'd give it a try. The funny thing is, if I tracert from the 192.168.100.0/24 network to the 192.168.1.0/24 network, the tracert goes nowhere, not even to the gateway of 192.168.2.1 as I specified. Without the route, it tries to go directly out the WAN interface (which it probably should), but obviously doesn't get very far because it's a private network.

Is there a way to get this to work that anyone can think of? I really need to get from the 192.168.100.0/24 network to the 192.168.1.0/24 network any way I can. A 2nd VPN seemed the first logical choice, but when I set it up, nothing happens, not even an attempt to connect.

Is there a way to route this traffic so it can reach the 192.168.1.0/24 network through the VPN that does work?

Chris