[ previous ] [ next ] [ threads ]
 
 From:  "Alex Randjelovic" <alexr at atnetplus dot com>
 To:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>, "Andrei Levin" <andrei at lanart dot it>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Routing through IPSEC VPN
 Date:  Tue, 28 Mar 2006 08:42:34 -0500 
Your solution is excellent for site-to-site VPN, I will absolutely try
it. However, I am not sure it would work with mobile client accessing 2
"work" networks. 


Alex Randjelovic

-----Original Message-----
From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
Sent: Tuesday, March 28, 2006 8:28 AM
To: Alex Randjelovic; Andrei Levin; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Routing through IPSEC VPN

This is the easiest way to dump everything into one tunneldefinition but
very often not doable without touching a lot of things at all locations
and if you are talking about larger ipsec nets (more than 2 loactions)
nearly impossible. I am using the earlier described solution (parallel
tunnels) even to route traffic from a location1 to a location3 via a
location2 (no direct tunnel between location 1 and location3).

Holger

> -----Original Message-----
> From: Alex Randjelovic [mailto:alexr at atnetplus dot com]
> Sent: Tuesday, March 28, 2006 3:21 PM
> To: Holger Bauer; Andrei Levin; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Routing through IPSEC VPN
> 
> 
> I had same scenario and I found the solution for this. It is called
> route summarization.
> 
> Let's say that home network is on 192.168.1.x /24. Main work 
> network is
> on 192.168.111.0 /25, and additional work network is on 
> 192.168.111.128
> /25. (both work networks are locally connected, not through VPN).
> 
> Do note that work network is subneted. /25 represents subnet mask
> 255.255.255.128.
> 
> In this case you would set VPN on home side to have 
> destination network
> as 192.168.111.0 /24. This way you will be able to "see" both work
> networks from home network.
> 
> Alex Randjelovic
> 
> 
> 
> -----Original Message-----
> From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
> Sent: Tuesday, March 28, 2006 5:28 AM
> To: Andrei Levin; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Routing through IPSEC VPN
> 
> Won't work as the destination network is different from the tunnel
> definition.
> 
> Holger
> 
> > -----Original Message-----
> > From: Andrei Levin [mailto:andrei at lanart dot it]
> > Sent: Tuesday, March 28, 2006 12:08 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Routing through IPSEC VPN
> > 
> > 
> > It's a routing problem. You should set the rule on your home 
> > network to 
> > use 10.x.x.x gateway to reach 192.168.111.x net and on the 
> > other side to 
> > use 10.x.x.x gateway to reach 192.168.1.x. That's all.
> > 
> > Andrei Levin
> > 
> > Oliver Kapffer wrote:
> > > Alex,
> > > 
> > > there was an answer, but i never tried the proposed solution.
> > > 
> > > The proposed solution was to establisch a second VPN with 
> the other 
> > > Adressrange.
> > > 
> > > Greetings
> > > Oliver
> > > Alex Randjelovic schrieb:
> > >> Hello,
> > >>
> > >> Did you ever find how to do this? I have the same problem.
> > >>
> > >> Thank you
> > >>
> > >> Alex Randjelovic
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: Oliver Kapffer [mailto:oliver at kapffer dot net] Sent: 
> Wednesday, 
> > >> February 22, 2006 12:06 AM
> > >> To: m0n0wall at lists dot m0n0 dot ch
> > >> Subject: [m0n0wall] Routing through IPSEC VPN
> > >>
> > >> Hi List,
> > >>
> > >> ich have a working VPN here between Home and Work. Homesite ist 
> > >> 192.168.1.x, Work is 10.x.x.x. On the Workside there is an 
> > additional 
> > >> 192.168.111.x Net I want to reach through the VPN. Where 
> > to configure?
> > >>
> > >> Thanks from Germany
> > >> Oliver
> > >>
> > >> 
> > 
> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >>
> > >>   
> > > 
> > > 
> > 
> > 
> > -- 
> > Lan.Art s.r.l.
> > 
> > via Co' del Panico
> > 35028 Piove di Sacco (PD)
> > 
> > tel. 049-7966424
> > fax  049-7966600
> > http://www.lanart.it
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > 
> > 
> 
> ____________
> Virus checked by G DATA AntiVirusKit
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 

____________
Virus checked by G DATA AntiVirusKit