I figured out why my setup wasn't working - I had to untick Block Private Networks under the WAN Interface setup (down the bottom of the page) on each firewall.

JK

-----Original Message-----
From: Christoph Hanle [mailto:christoph dot hanle at leinpfad dot de]
Sent: Tuesday, 8 August 2006 12:27 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Simulating a WAN for testing 2 m0n0s - with log file

Hi Jai,

I am also simulating connections in a test lab, but I do it in another way: I use e.g. a freesco with 3 NICs or 3 Cisco 2500 to simulate the real gateways and the "Internet" (0.0.0.0). My test PC has a minimum of two NICs and I am running a small Linux two times on virtual machines. With this configuration I can test connections etc. between two nets or firewalls really well.

I recommend you use at least an old PC with freesco and three NICs.

bye
Christoph

Jai Ketteridge wrote:
> Hi
>
> I'm currently trying to experiment on 2 new monowall boxes that I built. I
> figured it would be easier for me to network them locally to config before
> actual deployment. My main aim is to also test a few things like DHCP
> relaying across IPsec VPN.
>
> What I have currently is 2 machines with 3 NICs each (LAN, WAN & WLAN) and
> each machine has a crossover cable to my laptop (one at a time depending on
> which one I'm configuring). To simulate a WAN I have attempted to give the WAN
> NIC a static IP of 66.66.66.xx on each and created a VPN connection. For the
> meantime I have set the WAN NIC to have no port restrictions to the LAN
> interface. But the IPsec VPN doesn't come up after specifying the other
> machine's static IP as the gateway in the connection properties. I don't
> think this is wrong?
>
> So what I tried next was setting the WAN ports to DHCP and the two new monos
> both got an IP from my DHCP server. The DHCP server gives out a different IP
> range to that of both monos' LAN subnets. I can ping both machines from one
> another from the WAN interface and my newly edited IPsec VPN connection
> doesn't come up. I am attempting to use Blowfish and SHA1 with a simple
> shared key and have used the same settings as one I used successfully
> before.
>
> I have set both machines to identical VPN connection settings, except the
> obvious IPs and Gateways.
>
> Is there something I'm missing? Or do I really need to have each machine
> hanging off the end of a DSL connection?
>
> I feel as though I may not have some routing in place somewhere but since
> each machine can see the other on the WAN connection I think it should
> work - but it ain't!
>
> This is what my system log says after a fresh reboot.
>
> [..]