 
 From:  Michel Servaes <michel at mcmc dot be>
 To:  Monowall User List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] how to add a route for a IPSEC VPN that lies on another box ?
 Date:  Tue, 18 Mar 2008 14:32:36 +0100
No problem, it was indeed the second I was looking for a solution for ;-)
Well, not that it is a great problem, but just out of curiosity I 
wanted to ask this question - I know a bit of IPSEC & VPN setups, and 
routing as well... so I wanted to know if someone already succeeded in 
setting up a Home A to Home B tunnel through (for example) the office...

Now that this is sorted out, I know I don't have to search any longer ;) 
-thanks a lot

Jeff Buehler wrote:
> Let me backtrack a bit on this - do you want to be able to connect to 
> your colleague who is on a LAN at the office (let's say 192.168.2.x) 
> from your house (let's say the house LAN is 192.168.3.x)?  And if so, 
> do you have an IPSEC tunnel from your home to the office system 
> (192.168.3.x -> 192.168.2.x)?
>
> If that is the case, you should simply be able to address the 
> colleague's system by its IP address (i.e. 192.168.3.51) or possibly 
> its network name if running Windows and everything is set up properly.
>
> However, on rereading (this is probably what you were talking about, 
> right, Daniele?  If so, sorry I wasn't following the reasoning but I 
> get it now!), if you have two VPNs at the office (let's say 192.168.2.x 
> and 192.168.1.x) and your home (192.168.3.x) IPSEC tunnel points to 
> 192.168.2.x,  then you are out of luck getting to 192.168.1.x, I think 
> for obvious reasons.  VPNs exist specifically to protect the integrity 
> of a private addressing space - once you have access to a private LAN, 
> you can do A LOT of damage if you don't belong there - having the 
> ability to add a route across LANs without going through some sort of 
> security function (like a password protected encrypted VPN) would be a 
> huge mistake in my estimation - it would be way too easy to take 
> advantage of that sort of mechanism to hack into LANs you didn't 
> belong to, and anyone else could do the same.
>
> Michael, if the second is what you were asking about, sorry I didn't 
> get it clear the first time!  I guess it just doesn't make sense to me 
> because of the obvious security problems.
>
> Jeff
>
>
> Michel Servaes wrote:
>> Ok, this is just a curiosity question - but it would be a great way 
>> to solve some of my issues.
>>
>> I have a monowall at home -great product by the way, and a pfSense at 
>> the office -another great product.
>> I have multiple VPNs set up at the office to my colleagues (and myself).
>>
>> Is there a way to add routes on either monowall or pfsense, that 
>> would allow me to reach one of my colleagues through the VPN of the 
>> office.
>> I don't want to make another VPN at home, I just want to be able to 
>> access all the VPNs with some kind of rule or route...
>>
>> I know I can make a PPTP VPN to the pfSense at work, and work my way 
>> through this VPN, but I'd really love to have this option right 
>> on top of my one IPSEC VPN tunnel that I have to the office.
>>
>>
>> - should I create rules on my box at the office, or would some static 
>> routes on my monowall work as well?
>> - or, should I forget this, and create each IPSEC VPN individually...
>>