 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Alex Randjelovic" <alexr at atnetplus dot com>, "Andrei Levin" <andrei at lanart dot it>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Routing through IPSEC VPN
 Date:  Tue, 28 Mar 2006 16:07:17 +0200
You are correct, it won't work with that as you can only make one local subnet selection at the m0n0
end for mobile clients and your mobile clients would need more than one tunnel then too. In that
case you would have to reconfigure the networks to match your described summarization if possible.

Holger

> -----Original Message-----
> From: Alex Randjelovic [mailto:alexr at atnetplus dot com]
> Sent: Tuesday, March 28, 2006 3:43 PM
> To: Holger Bauer; Andrei Levin; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Routing through IPSEC VPN
> 
> 
> Your solution is excellent for site-to-site VPN, I will absolutely try
> it. However, I am not sure it would work with mobile client accessing 2
> "work" networks.
> 
> 
> Alex Randjelovic
> 
> -----Original Message-----
> From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
> Sent: Tuesday, March 28, 2006 8:28 AM
> To: Alex Randjelovic; Andrei Levin; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Routing through IPSEC VPN
> 
> This is the easiest way to dump everything into one tunnel definition but
> very often not doable without touching a lot of things at all locations
> and if you are talking about larger ipsec nets (more than 2 locations)
> nearly impossible. I am using the earlier described solution (parallel
> tunnels) even to route traffic from a location1 to a location3 via a
> location2 (no direct tunnel between location 1 and location3).
> 
> Holger
> 
> > -----Original Message-----
> > From: Alex Randjelovic [mailto:alexr at atnetplus dot com]
> > Sent: Tuesday, March 28, 2006 3:21 PM
> > To: Holger Bauer; Andrei Levin; m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Routing through IPSEC VPN
> > 
> > 
> > I had same scenario and I found the solution for this. It is called
> > route summarization.
> > 
> > Let's say that home network is on 192.168.1.x /24. Main work network is
> > on 192.168.111.0 /25, and additional work network is on 192.168.111.128
> > /25. (both work networks are locally connected, not through VPN).
> > 
> > Do note that work network is subnetted. /25 represents subnet mask
> > 255.255.255.128.
> > 
> > In this case you would set VPN on home side to have destination network
> > as 192.168.111.0 /24. This way you will be able to "see" both work
> > networks from home network.
> > 
> > Alex Randjelovic
> > 
> > 
> > 
> > -----Original Message-----
> > From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
> > Sent: Tuesday, March 28, 2006 5:28 AM
> > To: Andrei Levin; m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Routing through IPSEC VPN
> > 
> > Won't work as the destination network is different from the tunnel
> > definition.
> > 
> > Holger
> > 
> > > -----Original Message-----
> > > From: Andrei Levin [mailto:andrei at lanart dot it]
> > > Sent: Tuesday, March 28, 2006 12:08 PM
> > > To: m0n0wall at lists dot m0n0 dot ch
> > > Subject: Re: [m0n0wall] Routing through IPSEC VPN
> > > 
> > > 
> > > It's a routing problem. You should set the rule on your home network to
> > > use 10.x.x.x gateway to reach 192.168.111.x net and on the other side to
> > > use 10.x.x.x gateway to reach 192.168.1.x. That's all.
> > > 
> > > Andrei Levin
> > > 
> > > Oliver Kapffer wrote:
> > > > Alex,
> > > > 
> > > > there was an answer, but I never tried the proposed solution.
> > > > 
> > > > The proposed solution was to establish a second VPN with the other
> > > > address range.
> > > > 
> > > > Greetings
> > > > Oliver
> > > > Alex Randjelovic wrote:
> > > >> Hello,
> > > >>
> > > >> Did you ever find how to do this? I have the same problem.
> > > >>
> > > >> Thank you
> > > >>
> > > >> Alex Randjelovic
> > > >>
> > > >>
> > > >> -----Original Message-----
> > > >> From: Oliver Kapffer [mailto:oliver at kapffer dot net]
> > > >> Sent: Wednesday, February 22, 2006 12:06 AM
> > > >> To: m0n0wall at lists dot m0n0 dot ch
> > > >> Subject: [m0n0wall] Routing through IPSEC VPN
> > > >>
> > > >> Hi List,
> > > >>
> > > >> I have a working VPN here between Home and Work. Home site is
> > > >> 192.168.1.x, Work is 10.x.x.x. On the work side there is an additional
> > > >> 192.168.111.x net I want to reach through the VPN. Where to configure?
> > > >>
> > > >> Thanks from Germany
> > > >> Oliver
> > > >>
> > > > 
> > > > 
> > > 
> > > 
> > > -- 
> > > Lan.Art s.r.l.
> > > 
> > > via Co' del Panico
> > > 35028 Piove di Sacco (PD)
> > > 
> > > tel. 049-7966424
> > > fax  049-7966600
> > > http://www.lanart.it
> > > 
> > > 
> > 
> 

____________
Virus checked by G DATA AntiVirusKit
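
Added example, not part of the thread: a Python sketch of the choice discussed above between one summarized tunnel definition and parallel tunnels, plus the selector check behind "the destination network is different from the tunnel definition". The function names are hypothetical, and the /8 and /24 masks for the 10.x.x.x and 192.168.111.x networks are assumptions, since the thread does not state them.

```python
import ipaddress

def smallest_summary(subnets):
    """Smallest single network containing every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen by one bit and retry
    return summary

def plan_tunnels(local, remotes):
    """Return (local, remote) selector pairs for the local gateway.

    One summarized tunnel is used only when the summary covers exactly the
    remote subnets and does not overlap the local network; otherwise one
    parallel tunnel per remote subnet is returned.
    """
    local_net = ipaddress.ip_network(local)
    remote_nets = [ipaddress.ip_network(r) for r in remotes]
    summary = smallest_summary(remotes)
    exact = list(ipaddress.collapse_addresses(remote_nets)) == [summary]
    if exact and not summary.overlaps(local_net):
        return [(str(local_net), str(summary))]
    return [(str(local_net), str(r)) for r in remote_nets]

def matching_tunnel(tunnels, src, dst):
    """First tunnel whose selectors contain both addresses, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in tunnels:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None

if __name__ == "__main__":
    HOME = "192.168.1.0/24"
    # Two adjacent /25 work networks: summarizes cleanly to one /24 tunnel.
    print(plan_tunnels(HOME, ["192.168.111.0/25", "192.168.111.128/25"]))
    # 10.x.x.x plus 192.168.111.x (masks assumed): the only common supernet
    # is 0.0.0.0/0, which also swallows the home net, so parallel tunnels.
    parallel = plan_tunnels(HOME, ["10.0.0.0/8", "192.168.111.0/24"])
    print(parallel)
    # With only the 10.0.0.0/8 tunnel, traffic to 192.168.111.x matches nothing.
    print(matching_tunnel([(HOME, "10.0.0.0/8")], "192.168.1.10", "192.168.111.5"))
    print(matching_tunnel(parallel, "192.168.1.10", "192.168.111.5"))
```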