 
 From:  Robert (Sneer) Siemiński <sneer at poczta dot fm>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPsec over wireless connection
 Date:  Tue, 23 May 2006 23:26:19 +0200
Hello,

I have a problem with setting up an IPsec tunnel on m0n0wall. Configuration looks like
this:


LAN1 - m0no1 - wireless bridge (now it is only crossover cable) - mono2 - Internet
                                                                    |
                                                                    |
                                                                    |
                                                                   LAN2


LAN1 is 192.168.6.0/24
LAN2 is 192.168.5.0/24
connection between monowalls is 192.168.15.0/30 default policy on both
interfaces is drop, and IPsec connection is working between them (how
is it possible? ;) ).

When I ping from LAN1, I can reach: mono1 wireless interface, LAN2
hosts, mono2 wireless interface, but I can't ping mono2 Internet
interface and mono2 wireless interface of course and I can't reach any
Internet hosts. From LAN2 network I can connect with Internet and
with LAN1 hosts. I added static routes on mono1, one on LAN interface for
network 192.168.5.0/24 with gateway 192.168.15.1 (that is ip of
interface in mono2) and one on LAN interface of mono2 for network
192.168.6.0/24 with gateway 192.168.15.1 (ip of interface in mono1).
Everything seems to be ok, but I still can't reach Internet hosts from
LAN1 :(, from LAN2 it is not a problem.

When I add allow any policy on wireless interface mono2, I can connect
to Internet, but traffic avoids IPsec connection. Does anyone have any
solution? I only want to have Internet in LAN1, LAN2 and safe
connection over wireless. Is it possible to have LAN1 and LAN2 in the
same network? All hosts on both sites on 192.168.5.0/24 network?

Routing table for mono2:




Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.15.1       UGSc        0        0    rl0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.5          192.168.15.1       UGSc        2        0    rl0
192.168.6          link#2             UC          1        0   fxp0
192.168.6.8        link#2             UHRLW       1     8424   fxp0     10
192.168.15/30      link#1             UC          1        0    rl0
192.168.15.1       00:50:ba:xx:xx:xx  UHLW        5      487    rl0    673


and for mono1:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            83.18.xxx.xxx      UGSc        4    24784   fxp0
83.18.xxx.xxx/29   link#3             UC          1        0   fxp0
83.18.xxx.xxx      00:0b:23:xx:xx:xx  UHLW        5        0   fxp0   1174
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.5          link#2             UC          1        0    rl1
192.168.5.20       00:0c:6e:xx:xx:xx  UHLW        2    20015    rl1    827
192.168.5.192      192.168.5.254      UH          2      749    ng1           it is because of PPTP from Internet.
192.168.5.192      00:50:ba:xx:xx:xx  UHLS2       0        0    rl1
192.168.5.254      lo0                UHS         0        0    lo0
192.168.6          192.168.15.2       UGSc        0     8848    rl0
192.168.15/30      link#1             UC          1        0    rl0
192.168.15.2       00:50:ba:xx:xx:xx  UHLW        2     8889    rl0    630

-- 
Best regards,


