 From:  "dasz" <daszylstra at comcast dot net>
 To:  "Tim Cary" <tdc at yesinc dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC Clients Communicate with Each Other?
 Date:  Sun, 8 Jan 2006 19:18:57 -0500
I have a similar situation . . . . . but not with "Mobile Clients" . . . . . 
I wrote the below setup before I realized your config does not locally 
define what IPs are sent over the connection . . . . . you may be able to 
set up the remotes with 2 mobile tunnels each to the corporate LAN . . .

Do all 3 locations have Monowalls?

Monowall currently can only send one subnet over one IPSEC connection (I 
think) . . . . . .

you have to add IPSEC tunnels to each remote using the other remote's 
subnet:
Remote1 IPSEC on the corporate Monowall has 2 tunnels:
    172.16.x.x(corporate)<->172.18.x.x(remote)
    172.19.x.x(corporate)<->172.18.x.x(remote)
Remote2 IPSEC on the corporate Monowall has 2 tunnels:
    172.16.x.x(corporate)<->172.19.x.x(remote)
    172.18.x.x(corporate)<->172.19.x.x(remote)

I have a client with 3 locations using #1 as the endpoint for #2 & 3; in 
order for 3 to talk to 2 I had to set up separate tunnels for each IP range 
. . . it took me a little thinking to understand how this works and 
configure it.  (currently I have 10+ tunnels running between the above 3 
locations to route all the traffic).

One of the outside vendors connecting to my client using CISCO mentioned 
that he's never seen someone get the routing between other VPN tunnels 
working so fast and easy, kudos to Monowall for that!

David Zylstra
(586) 764 9858
----- Original Message ----- 
From: "Tim Cary" <tdc at yesinc dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, January 08, 2006 6:41 PM
Subject: [m0n0wall] IPSEC Clients Communicate with Each Other?


> Hi All,
>
> I have two remote sites using the IPSEC "mobile clients" feature, since
> they are on dynamic IP addresses (DSL).  These two sites connect to the
> corporate site (Static IP) just fine.
>
> I am trying to get these remote two subnets to talk to each other.  All
> three sites have different subnets- 172.16.x.x (Corporate LAN),
> 172.18.x.x (Remote 1), and 172.19.x.x (Remote 2).  I have tried a static
> route entry on each remote m0n0Wall setting the destination as the other
> remote subnet, and gateway as the corporate site's m0n0Wall LAN ip, but
> nothing works.  Again, communication from each remote site (and back) to
> corporate is fine, I just can't get the setup to talk remote site to
> remote site.  Any suggestions?
>
> Thank you,
> -Tim
>
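An added example, not code from the thread or from m0n0wall: a small Python planner for the hub-and-spoke layout David describes. It enumerates the per-remote subnet pairs the corporate firewall needs (with and without the extra spoke-to-spoke tunnels) and shows which tunnel legs a remote-to-remote packet would match, which is why Tim's static routes alone cannot work. The site names and host addresses are constructed.

```python
from ipaddress import ip_address, ip_network
from itertools import product

# Constructed layout from the thread: corporate is the static hub, each remote
# has tunnels only to corporate, and one tunnel carries one subnet pair.
SITES = {
    "corporate": ["172.16.0.0/16"],
    "remote1": ["172.18.0.0/16"],
    "remote2": ["172.19.0.0/16"],
}

def plan_hub_tunnels(sites, hub, spoke_to_spoke=True):
    """Per spoke, the (hub_side_subnet, spoke_subnet) pairs the hub needs; with
    spoke_to_spoke the hub side also lists the other spokes' subnets (David's fix)."""
    plan = {}
    for spoke, spoke_nets in sites.items():
        if spoke == hub:
            continue
        carried = [n for s, nets in sites.items()
                   if s == hub or (spoke_to_spoke and s != spoke) for n in nets]
        plan[spoke] = [(ip_network(h), ip_network(r))
                       for h, r in product(carried, spoke_nets)]
    return plan

def site_of(sites, addr):
    ip = ip_address(addr)
    return next((s for s, nets in sites.items()
                 if any(ip in ip_network(n) for n in nets)), None)

def _selector(plan, spoke, hub_side_ip, spoke_side_ip):
    # The (spoke, hub_subnet, spoke_subnet) tunnel whose selectors match one leg.
    for hub_net, spoke_net in plan.get(spoke, []):
        if ip_address(hub_side_ip) in hub_net and ip_address(spoke_side_ip) in spoke_net:
            return (spoke, str(hub_net), str(spoke_net))
    return None

def path_selectors(sites, hub, src, dst, spoke_to_spoke=True):
    """Tunnel legs a src->dst packet traverses; [] means some leg has no matching
    IPsec selector, so a static route alone cannot carry the flow (Tim's symptom)."""
    plan = plan_hub_tunnels(sites, hub, spoke_to_spoke)
    s, d = site_of(sites, src), site_of(sites, dst)
    if s is None or d is None or s == d:
        return []
    hops = []
    if s != hub:  # leg 1: spoke s -> hub; the spoke-side address is src
        hops.append(_selector(plan, s, dst, src))
    if d != hub:  # leg 2: hub -> spoke d; the spoke-side address is dst
        hops.append(_selector(plan, d, src, dst))
    return [] if None in hops else hops
```

With several subnets per site the pair count grows multiplicatively, which is how three locations end up needing the "10+ tunnels" David mentions.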