Unique problem: VPN and standard routing to the same endpoints

From:	w dot plein at gmail dot com
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Unique problem: VPN and standard routing to the same endpoints
Date:	Fri, 23 Dec 2005 23:31:48 -0800

I have a somewhat unique situation.

I have a few servers at a colocation, behind a Netscreen firewall (in 
transparent mode). Today I attempted, and after a few struggles, got my 
home m0n0wall to open a VPN with the Netscreen.

On top of this, a server behind my m0n0wall (which is running many-to-one 
NAT) recieves mail from my server at my colocation.

The problem is that while I can open up a direct connect to the colocation 
(which uses all public IP addressing), my colocation servers cannot open up 
a connection to any NATted device at home. Their route is across the 
standard Interet IP space, and gets blocked at the firewall (routing issue, 
for certain).

Is there a way to configure m0n0wall to work around this? Or would I need 
to do funky things like make a lower priority MX listing to my private 
(NAT) IP range? This would be inadvisable, but might fix SMTP. But what of 
other protocols?

--
w dot plein at gmail dot com