[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN IPSEC vs OPT1 internet config
 Date:  Mon, 12 Jun 2006 14:25:57 -0400
On 6/12/06, Andrew Cotter <andrew dot cotter at somersetcapital dot com> wrote:
> As they are mostly home offices, our remote staff tend to want to use their
> internet connections for personal computers as well.  With the third (OPT1)
> interface, could we have their personal network or computer routed to the
> internet and not over the IPSEC VPN tunnel into our network?
> Internet <----> WAN <--> OPT1 <---> personal desktops

Yes, that would work fine.  Though if you need to push all the data
over IPsec, it may or may  not work.  In the past, people claim to
have gotten it working without any issue.  More recently, people have
reported problems trying to do it exactly the same way (supposedly).
Whether or not that's user error is yet to be determined.  But if you
just want to push data going to your network over the VPN, and let
Internet traffic out locally, that will work fine.  I would make sure
you get static public IP's if at all possible.  It's a lot easier to
deal with and more stable no matter what VPN equipment you're using.

Other than that possibility, I don't see any issues with it.