Let me backtrack a bit on this - do you want to be able to connect to
your colleague who is on a LAN at the office (let's say 192.168.2.x) from
your house (let's say the house LAN is 192.168.3.x)? And if so, do you
have an IPSEC tunnel from your home to the office system (192.168.3.x ->
192.168.2.x)?

If that is the case, you should simply be able to address the colleague's
system by its IP address (i.e. 192.168.3.51) or possibly its network
name if running Windows and everything is set up properly.

However, on rereading (this is probably what you were talking about,
right, Daniele? If so, sorry I wasn't following the reasoning but I get
it now!), if you have two VPNs at the office (let's say 192.168.2.x and
192.168.1.x) and your home (192.168.3.x) IPSEC tunnel points to
192.168.2.x, then you are out of luck getting to 192.168.1.x, I think
for obvious reasons. VPNs exist specifically to protect the integrity
of a private addressing space - once you have access to a private LAN,
you can do A LOT of damage if you don't belong there - having the
ability to add a route across LANs without going through some sort of
security function (like a password protected encrypted VPN) would be a
huge mistake in my estimation - it would be way too easy to take
advantage of that sort of mechanism to hack into LANs you didn't belong
to, and anyone else could do the same.

Michael, if the second is what you were asking about, sorry I didn't get
it clear the first time! I guess it just doesn't make sense to me
because of the obvious security problems.

Jeff

Michel Servaes wrote:
> Ok, this is just a curiosity question - but it would be a great way to
> solve some of my issues.
>
> I have a monowall at home -great product by the way, and a pfSense at
> the office -another great product.
> I have multiple VPNs set up at the office to my colleagues (and myself).
>
> Is there a way to add routes on either monowall or pfsense, that would
> allow me to reach one of my colleagues through the VPN of the office.
> I don't want to make another VPN at home, I just want to be able to
> access all the VPNs with some kind of rule or route...
>
> I know I can make a PPTP VPN to the pfSense at work, and work my way
> through this VPN, but I'd really love to have this option right
> on top of my one IPSEC VPN tunnel that I have to the office.
>
>
> - should I create rules on my box at the office, or would some static
> routes on my monowall work as well ??
> - or, should I forget this, and create each IPSEC VPN individually...