[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: No split tunneling...
 Date:  Fri, 5 May 2006 11:51:02 -0400
On 5/5/06, Joshua Coombs <jcoombs at gwi dot net> wrote:
>
> The remote office m0n0wall will have it's default route pointing at
> the Central HQ box's private IP.  I dunno as you can add that route
> until the link is established though?

You can't route anything across an IPsec connection.  Traffic has to
match the SPD to go across the connection.

What I'd do, though it may not be feasible in some environments, is
put in a firewall rule on the LAN to only allow traffic to the IP
subnet of the main office.  If you use a proxy server, that should
suffice for Internet access and everything else.

I seem to recall people in the past getting this to work by using
0.0.0.0/0 as the remote subnet?  That might be a long shot, but I'm
thinking I've heard of people successfully doing that on this list in
the past.

-Chris