Christopher M. Iarocci wrote:

> dave at rodrig dot com wrote:
>
>> maybe it's just late, but I lost you about halfway through (I've read it
>> several times...)
>>
>> At first it seems like you're trying to go into your LAN (from the DMZ),
>> then it seems as if you're talking about the other direction....a
>> diagram might help.
>
> No, I re-read my message, and it's certainly NOT clear. I guess it
> was late when I wrote it. :-) Let me start again.
>
> I have an Optional interface, that I want to be able to go through my
> VPN (which is IPSEC) to another location. It is on a separate subnet
> than my LAN (192.168.2.1), and the VPN is set up to establish from my
> LAN subnet to the other internal subnet (192.168.1.1) at a different
> location. Now, I've tried setting up an additional VPN from the Opt
> subnet (192.168.100.1), to the network on the other side, and racoon
> seems to just ignore it. It never tries to establish at all. Maybe
> there is a limitation on how many tunnels can go to a single
> location? That being the case, I tried to route traffic to the remote
> subnet from my Opt1 subnet through the LAN interface. This is where
> the problem comes in. If I put in a route that says:
>
> If from Opt interface, destined for the 192.168.1.0/24 network, go
> through 192.168.2.1,
>
> it doesn't work. I didn't really expect it to, but thought I'd give
> it a try. The funny thing is, if I tracert from the 192.168.100.0/24
> network, to the 192.168.1.0/24 network, the tracert goes nowhere, not
> even to the gateway of 192.168.2.1 as I specified. Without the route,
> it tries to go directly out the WAN interface (which it probably
> should), but obviously doesn't get very far because it's a private
> network.
>
> Is there a way to get this to work that anyone can think of? I really
> need to get from the 192.168.100.0/24 network to the 192.168.1.0/24
> network any way I can. A 2nd VPN seemed the first logical choice, but
> when I set it up, nothing happens, not even an attempt to connect. Is
> there a way to route this traffic so it can reach the 192.168.1.0/24
> network through the VPN that does work?
>
> Chris

Nobody?