[ previous ] [ next ] [ threads ]
 
 From:  "Richard Parvass" <Richard dot Parvass at aaland dot co dot uk>
 To:  "Mark Gilbert" <mgilbert at marinhd dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] multiple VPN tunnels with identicle subnets at other end.
 Date:  Mon, 3 Jul 2006 11:46:40 +0100
Mark

The easiest way I've got this to work (so far, but I've not looked at it
really) is to have two (or more) tunnels set up in m0n0 and enable only
the one that's required at that time. Obviously, each time you swap
them, you'll drop all your tunnels, so some software using the tunnels
may die, but I live with it.

Richard 

-----Original Message-----
From: Mark Gilbert [mailto:mgilbert at marinhd dot com] 
Sent: Friday, June 30, 2006 10:19 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] multiple VPN tunnels with identicle subnets at
other end.


I feel like a real idiot..! I guess this is what happens when you try to
work to fast and then make typos.

Notice the change from both being 40.0 to now being different.


Tunnel 1:   10.0.0.0-----|--------192.168.30.0 ------ 192.168.1.0
 
Tunnel 2:   10.0.0.0-----|--------192.168.40.0 ------ 192.168.1.0
 
The device on the remote end translates the 1.0 into a different subnet
so that the 10.0.0.0
network is able to communicate with 2 separate 1.0 networks.
 
Sorry for the goof up
 
Mark
-----Original Message-----
From: Don Munyak [mailto:don dot munyak at gmail dot com] 
Sent: Friday, June 30, 2006 1:46 PM
To: Mark Gilbert
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] multiple VPN tunnels with identicle subnets at
other end.

from the documentation...

i.e. if both sites are using 192.168.1.0/24 on the LAN, no site to
site VPN will work. This is not a limitation in m0n0wall, it's basic
IP routing. When any host on either of your networks tries to
communicate with 192.168.1.0/24, it will consider that host to be on
its local LAN and the packets will never reach m0n0wall to be passed
over the VPN connection. Similarly, if one site is using, for example,
192.168.0.0/16 and one using 192.168.1.0/24, these subnets are also
overlapping and a site to site VPN will not work.

http://doc.m0n0.ch/handbook/ipsec-prerequisites.html

Don

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


The information in this e-mail and any files transmitted with it is confidential
and may be legally privileged. It is intended solely for the addressee and
others authorised to receive it. If you are not the intended recipient, any
disclosure, copying, distribution or action taken in reliance on its contents
is prohibited and may be unlawful.

The opinions expressed in this message are that of the sender and not
necessarily those of Aaland Limited. If you have received this e-mail in
error please notify postmaster at aaland dot co dot uk