No problem, it was indeed the second I was looking a solution for ;-)
Well, not that it is a great problem, but just out of curiousity I
wanted to ask this question - I know a bit of IPSEC & VPN setups, and
routing as well... so I wanted to know if someone already succeeded in
setting up a Home A to Home B tunnel through (for example) the office...
Now that this is sorted out, I know I don't have to search any longer ;)
-thanks a lot
Jeff Buehler schreef:
> Let me backtrack a bit on this - do you want to be able to connect to
> your colleague who is on a LAN at the office (lets say 192.168.2.x)
> from your house (lets say the house LAN is 192.168.3.x)? And if so,
> do you have an IPSEC tunnel from your home to the office system
> (192.168.3.x -> 192.168.2.x)?
> If that is the case, you should simply be able to address the
> colleagues system by its IP address (i.e. 192.168.3.51) or possibly
> its network name if running Windows and everything is set up properly.
> However, on rereading (this is probably what you were talking about,
> right, Daniele? If so, sorry I wasn't following the reasoning but I
> get it now!), if you have two VPNs at the office (lets say 192.168.2.x
> and 192.168.1.x) and your home (192.168.3.x) IPSEC tunnel points to
> 192.168.2.x, then you are out of luck getting to 192.168.1.x, I think
> for obvious reasons. VPNs exist specifically to protect the integrity
> of a private addressing space - once you have access to a private LAN,
> you can do A LOT of damage if you don't belong there - having the
> ability to add a route across LANs wihtout going through some sort of
> security function (like a password protected encrypted VPN) would be a
> huge mistake in my estimation - it would be way to easy to take
> advantage of that sort of mechanism to hack into LANs you didn't
> belong to, and anyone else could do the same.
> Michael, if the second is what you were asking about, sorry I didn't
> get it clear the first time! I guess it just doesn't make sense to me
> because of the obvious security problems.
> Michel Servaes wrote:
>> Ok, this is just a curiosity question - but it would be a great way
>> to solve some of my issues.
>> I have a monowall at home -great product by the way, and a pfSense at
>> the office -another great product.
>> I have multiple VPN's setup at the office to my collegues (and myself).
>> Is there a way to add routes on either monowall or pfsense, that
>> would allow me to reach one of my collegues through the VPN of the
>> I don't want to make another VPN at home, I just want to be able to
>> access all the VPN's with some kind of rule or route...
>> I know I can make a PPTP VPN to the pfSense at work, and work my way
>> through this VPN, but I'd really would love to have this option right
>> ontop of my one IPSEC VPN tunnel that I have to the office.
>> - should I create rules on my box at the office, or would some static
>> routes on my monowall work as well ??
>> - or, should I forget this, and create each IPSEC VPN individually...
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch