 From:  Kenman Wong <kenman dot wong at iaspec dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Hub-And-Spoke VPN
 Date:  Mon, 06 Mar 2006 19:21:09 +0800

After trying this a few more times I seem to have come to the conclusion 
it is not possible to make a Hub-Spoke VPN with my collection of 
Netscreen and Monowall. Almost all the bits and pieces of information I 
have come across that use Hub-Spoke VPN use routers from the same 
vendor/manufacturer. I cannot even get MW->NS IPsec VPN tunnel to work 
with multiple subnets.

I've tried in the NS and MW the following:

Two separate IPsec tunnels with unique User FQDN, pre-shared keys.
Two separate tunnels with the same User FQDN and pre-shared keys.
Two separate tunnels, one with User FQDN, one using IP, using unique 
pre-shared keys.

What I seem to find is that as soon as the second tunnel comes up, both 
tunnels will either collapse or only the first one will ever get 
through. I guess once I solve how to access two different remote subnets 
with two tunnels, I can continue testing this. But I no longer have the 
time to.


Dan Firac wrote:
> Hello all,
> Can m0n0wall be configured for a Hub-And-Spoke VPN with communication between spokes?
> TIA,
> Dan.