 From:  "Mark Gilbert" <mgilbert at marinhd dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] M0n0wall to M0n0wall VPN Routing?
 Date:  Wed, 28 Jun 2006 07:41:55 -0700
Yes,

I got it to work.  I am only using the lan interface on each end.  The
idea of parallel tunnels still is kinda confusing.  I think I understand
it as creating a completely separate tunnel for each interface to the
remote side and create the similar tunnel on the other side. Like point
to multipoint even though the multipoint is one device.  I will try to
read up on it.  Thank you for your help.

Mark

-----Original Message-----
From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
Sent: Wednesday, June 28, 2006 5:01 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] M0n0wall to M0n0wall VPN Routing?

Yep, there was some misunderstanding. After the tunnel has been
established clients will be able to communicate with each other if they
use the m0n0 as default gateway. No need to add routes at the m0n0 and
routes won't work via IPSEC anyway. m0n0 can't firewall IPSEC-Traffic,
so there is no need to set up rules for the Tunnel itself, however both
ends should have Rules at LAN allowing the traffic to the remote subnet
incoming at this interface.

What I was understanding is that you had 2 subnets at one end (like LAN
and OPT1) and in that case you would have needed parallel tunnels unless
you can sum up the network masks somehow.

Holger

> -----Original Message-----
> From: Mark Gilbert [mailto:mgilbert at marinhd dot com]
> Sent: Wednesday, June 28, 2006 6:15 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] M0n0wall to M0n0wall VPN Routing?
> 
> 
> I'm sorry but maybe I don't understand.  I looked at the FAQ and I think
> I understand.  Parallel Tunnels?  Maybe I did not explain what I want
> correctly.  I did read where you can create a vpn tunnel between two
> M0n0walls. I just want to be sure that hosts from behind each M0n0wall
> can access resources on each other's networks.
> 
> IE
> 
> Network 1
> 10.0.0.0
> 255.255.255.0
> 10.0.0.1 M0n0wall
> 
> Network 2
> 10.10.0.0
> 255.255.255.0
> 10.10.0.1 M0n0wall
> 
> Do you mean I need to create a separate tunnel for each network?
> 
> I want to know if by creating a point to point vpn tunnel that Network 1
> can access resources on Network 2.  And if this is done automatically
> by creating the VPN tunnels between the M0n0walls.
> 
> -----Original Message-----
> From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
> Sent: Tuesday, June 27, 2006 6:12 PM
> To: m0n0wall at lists dot m0n0 dot ch; Mark Gilbert
> Subject: RE: [m0n0wall] M0n0wall to M0n0wall VPN Routing?
> 
> You need parallel tunnels. Routing through an IPSEC tunnel doesn't work
> as the traffic doesn't match the tunnel definition. This has been asked
> numerous times before even with explicit examples. Please search the
> mailing list. This has become a faq somehow and maybe should be addressed
> a bit more in detail in the documentation.
> 
> Holger
> 
> > -----Original Message-----
> > From: Mark Gilbert [mailto:mgilbert at marinhd dot com]
> > Sent: Wednesday, June 28, 2006 3:10 AM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] M0n0wall to M0n0wall VPN Routing?
> > 
> > 
> > Does the M0n0wall automatically handle routing between the 2 
> > different networks once the M0n0wall to M0n0wall VPN is 
> > created?  What needs to be done to ensure data can route 
> > between the 2 units?
> >  
> > Thanks
> > 
> 
> ____________
> Virus checked by G DATA AntiVirusKit
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 

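
The tunnel-definition matching discussed in the thread above, as an added example that is not part of the original messages or of m0n0wall itself: it models a tunnel as a (local subnet, remote subnet) pair, shows why traffic from a subnet outside that pair is not carried, and when two subnets at one end can be summarised into one definition instead of parallel tunnels. The function names, the 192.168.5.0/24 subnet and the second-subnet values are constructed for illustration; only exact merges are modelled.

```python
import ipaddress


def tunnel_definitions(local_nets, remote_nets):
    """Return the (local, remote) subnet pairs that each need a tunnel.

    Subnets on one side that merge exactly into a larger network are
    summarised first, so they share a single tunnel definition.
    """
    local = list(ipaddress.collapse_addresses(
        [ipaddress.ip_network(n) for n in local_nets]))
    remote = list(ipaddress.collapse_addresses(
        [ipaddress.ip_network(n) for n in remote_nets]))
    return [(l, r) for l in local for r in remote]


def matching_tunnel(src, dst, tunnels):
    """Return the tunnel definition a packet falls into, or None.

    Simplified model: a packet is carried only when its source is inside
    the local subnet AND its destination is inside the remote subnet.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in tunnels:
        if s in local and d in remote:
            return (local, remote)
    return None


if __name__ == "__main__":
    # Networks from the thread (mask 255.255.255.0 is /24).
    single = tunnel_definitions(["10.0.0.0/24"], ["10.10.0.0/24"])
    print("LAN to LAN:", matching_tunnel("10.0.0.5", "10.10.0.20", single))

    # Constructed host on a second subnet that the definition does not
    # cover: a static route would not help, the packet matches no tunnel.
    print("other net: ", matching_tunnel("192.168.5.9", "10.10.0.20", single))

    # Constructed LAN + OPT1 pairs: adjacent /24s merge into one /23 ...
    print(tunnel_definitions(["10.0.0.0/24", "10.0.1.0/24"], ["10.10.0.0/24"]))
    # ... non-adjacent ones do not, so parallel tunnels are needed.
    print(tunnel_definitions(["10.0.0.0/24", "10.0.2.0/24"], ["10.10.0.0/24"]))
```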