Hello,

You can do one of two things:

a) Create a second tunnel between 10.20.30.0/24 and 192.168.2.0/24. Use
exactly the same settings as the existing tunnel, just change the IP
addresses.

b) On the existing tunnel change the subnet mask on the 192.168.1.0 entry to
/23. This will then include all IPs in the range
192.168.1.0-192.168.255.255.

You can't route packets over IPSEC tunnels in the traditional sense.
Commercial products that can do this either negotiate a tunnel for all
addresses or use some form of additional encapsulation, such as GRE.

Regards,
Kris.
----- Original Message -----
From: <kurt at mrkurt dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, April 11, 2006 2:46 AM
Subject: [m0n0wall] Static routes, IPSec tunnel: ARP errors
> I've set up an IPSec tunnel between two monowalls, one at home and one at
> work. The work IP block is 10.20.30.0/24, home is 192.168.1.0/24.
>
> Everything works as expected, I can get to 10.20.30.x from home and
> 192.168.1.x from work. However, there are also a number of hosts I need to
> bounce through the work monowall to get to. For instance, 192.168.2.x.
> I've attempted to add a static route to my LAN interface at home for
> 192.168.2.0/24 and 10.20.30.1 as the gateway. This does not work, attempts
> to access anything in the 192.168.2.x range get me these errors:
>
> Apr 10 20:42:13 /kernel: arpresolve: can't allocate llinfo for 10.20.30.1rt
> Apr 10 20:42:13 /kernel: arplookup 10.20.30.1 failed: host is not on local network
>
> Any idea what the problem is, and more importantly how I can fix it? I've
> searched all over and not come up with a "solution", although I did see
> someone else on this list who had a similar problem a couple of years ago.
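
Added example, not part of the original thread: a simplified Python model of the home firewall's decision, showing why a packet that matches the tunnel's subnet pair is tunnelled while the static route via 10.20.30.1 fails. The function names, the sample host addresses, the LAN-only interface list and the second subnet pair (home LAN to 192.168.2.0/24) are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the thread's setup: home LAN 192.168.1.0/24, work LAN
# 10.20.30.0/24, and 192.168.2.0/24 reachable behind the work firewall.
HOME = ipaddress.ip_network("192.168.1.0/24")
HOME_INTERFACES = [HOME]  # assumption: only the LAN is modelled, WAN omitted
EXISTING_TUNNEL = [(HOME, ipaddress.ip_network("10.20.30.0/24"))]
# Assumption: a second tunnel expressed as an extra subnet pair from the home LAN.
WITH_SECOND_TUNNEL = EXISTING_TUNNEL + [(HOME, ipaddress.ip_network("192.168.2.0/24"))]


def matching_selector(policies, src, dst):
    """Return the (local, remote) subnet pair covering src -> dst, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in policies:
        if src in local and dst in remote:
            return (local, remote)
    return None


def gateway_on_link(interface_networks, gateway):
    """A static route's gateway must sit in a directly attached network,
    otherwise there is nothing to ARP for."""
    gw = ipaddress.ip_address(gateway)
    return any(gw in net for net in interface_networks)


def forwarding_decision(policies, interface_networks, src, dst, static_gateway=None):
    """Simplified outcome for a packet leaving the home firewall."""
    if matching_selector(policies, src, dst):
        return "tunnel"
    if static_gateway and not gateway_on_link(interface_networks, static_gateway):
        return "drop: gateway not on local network"
    return "cleartext via normal routing"


if __name__ == "__main__":
    for label, policies in (("existing", EXISTING_TUNNEL), ("second tunnel", WITH_SECOND_TUNNEL)):
        for dst in ("10.20.30.5", "192.168.2.5"):
            result = forwarding_decision(policies, HOME_INTERFACES, "192.168.1.10",
                                         dst, static_gateway="10.20.30.1")
            print(f"{label:14} 192.168.1.10 -> {dst:12} {result}")
```

The "drop" outcome corresponds to the `arplookup 10.20.30.1 failed: host is not on local network` message in the quoted log: the gateway is only reachable through the tunnel, so it cannot be used as a next hop.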