 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Recipe for VPN
 Date:  Wed, 30 May 2007 00:43:00 -0500
John Smith wrote:
> Hello all,
> 
> Can anyone point me to a quick guide on setting up two or three (pc) 
> m0n0wall's to connect two or three offices via the Internet where there 
> are currently standard firewall routers at each location.  This might 
> also fall within the "telecommuter" type of problem/solution.
> 
> I've been following some of the traffic on this list and Googled for a 
> while and found a bunch of bits and pieces that require a lot of trial 
> and error (for me), but haven't found anything quick and clean.  I suspect 
> the problem has already been elegantly solved and so am posing the 
> question.
> 
> I could replace the existing routers with m0n0wall, but may be limited 
> to using a DMZ at one or the other location, and would need a pointer to 
> a hints list on defining the m0n0wall rules to ensure security 
> protection is maintained equal to the router that was replaced.

This description is a bit disjointed, but I will try.

The first thing is, how many endpoints have a static IP address?  At 
least one MUST, and it is better if all do.  No, dynamic DNS will not work.

Now if you have a static IP you can set up an IPsec VPN.  This will act 
as another interface in the firewall, and you can set rules accordingly. 
You can also set rules on other interfaces for the VPN networks, so 
that Sites A and B have access to the DMZ, but site C does not.  All 
sites must have a different address scheme.

			Lee
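
The constraints in the reply above can be checked on paper before any firewall is touched. The following is an added example, not part of the original post and not m0n0wall code: it validates a site plan for overlapping LAN subnets and for static endpoints, and lists which site LANs a DMZ pass rule would name as sources. The site names, subnets, the `static_wan` flag and the per-tunnel reading of "at least one must be static" are assumptions made for the example.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (assumed values, not from the post).
# Site C is deliberately carved out of site B's range to show the failure.
SITES = {
    "A": {"lan": "192.168.10.0/24", "static_wan": True},
    "B": {"lan": "192.168.20.0/24", "static_wan": False},
    "C": {"lan": "192.168.20.128/25", "static_wan": False},
}

def check_plan(sites):
    """Return a list of problems found in a site-to-site VPN plan."""
    problems = []
    nets = {n: ipaddress.ip_network(s["lan"]) for n, s in sites.items()}
    # Tunnels and firewall rules identify a site by its subnet, so two
    # sites with overlapping LANs cannot be told apart.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"overlap: {a} {nets[a]} and {b} {nets[b]}")
    if not any(s["static_wan"] for s in sites.values()):
        problems.append("no site has a static WAN address")
    return problems

def possible_tunnels(sites):
    """Site pairs that can be linked directly.

    Assumption: the static-address requirement applies per tunnel,
    i.e. at least one end of each tunnel must be static.
    """
    return [(a, b) for a, b in combinations(sorted(sites), 2)
            if sites[a]["static_wan"] or sites[b]["static_wan"]]

def dmz_sources(sites, allowed):
    """Source networks a DMZ pass rule should list; everything else is
    left to the default deny. 'allowed' is the set of permitted sites."""
    return sorted(str(ipaddress.ip_network(sites[n]["lan"]))
                  for n in allowed)

if __name__ == "__main__":
    for p in check_plan(SITES):
        print("PROBLEM:", p)
    print("tunnels:", possible_tunnels(SITES))
    print("DMZ sources:", dmz_sources(SITES, {"A", "B"}))
```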