 From:  Jeff Buehler <jeff at buehlertech dot com>
 To:  Monowall User List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] how to add a route for a IPSEC VPN that lies on another box ?
 Date:  Mon, 17 Mar 2008 17:46:02 -0700
Oh yeah, sorry, two LANs not one (It's been a while!).  However, the 
IPSEC tunnel in essence allows all devices attached to each end to become 
part of the other LAN.  So if your home LAN is 192.168.22.x and your 
office LAN is 192.168.23.x and you have an IPSEC tunnel between them, 
then devices in either network should be able to address devices in the 
other.  Daniele, I'm not sure why you would say the endpoints would be 
unable to communicate - that's what the IPSEC tunnel is for, right? Or am 
I forgetting something - I haven't set up an IPSEC VPN in more than a year.


Daniele Guazzoni wrote:
> Michel Servaes wrote:
>> Is there a way to add routes on either monowall or pfsense, that 
>> would allow me to reach one of my colleagues through the VPN of the 
>> office.
>> I don't want to make another VPN at home, I just want to be able to 
>> access all the VPNs with some kind of rule or route...
> With IPsec the communication goes from the defined local network to 
> the defined remote network (and vice versa) through the tunnel.
> Therefore you will not be able to directly communicate to other IPsec 
> endpoints as either the source or the destination network will not 
> match the IPsec definitions.
> Even routing will not help: think of the IPsec definition like a 
> firewall rule which allows only traffic if it matches both source and 
> destination.
> With OpenVPN you can allow transit over the server (in pfSense it is the 
> "client-to-client VPN" feature).
> I'm not sure if you can do that with PPTP.
> Or you use some sort of proxy in your office LAN...
> Hope this helps
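
Added example, not part of the original thread: a small Python model of the source-and-destination selector matching described in the quoted reply, tracing a packet from the home LAN toward a colleague's site behind the office. The 192.168.22.x and 192.168.23.x networks come from the thread; the colleague network 192.168.24.0/24, the gateway names and the function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: HOME and OFFICE are from the thread,
# COLLEAGUE (192.168.24.0/24) is an assumed third site.
HOME, OFFICE, COLLEAGUE = (ip_network(n) for n in
                           ("192.168.22.0/24", "192.168.23.0/24", "192.168.24.0/24"))
LOCAL = {"home": HOME, "office": OFFICE, "colleague": COLLEAGUE}

# Per-gateway tunnel definitions: (local network, remote network, peer gateway).
SPD = {
    "home":      [(HOME, OFFICE, "office")],
    "office":    [(OFFICE, HOME, "home"), (OFFICE, COLLEAGUE, "colleague")],
    "colleague": [(COLLEAGUE, OFFICE, "office")],
}

def select_tunnel(gateway, src, dst):
    """Return the peer whose definition matches BOTH src and dst, else None."""
    src, dst = ip_address(src), ip_address(dst)
    for local_net, remote_net, peer in SPD[gateway]:
        if src in local_net and dst in remote_net:
            return peer
    return None

def trace(start, src, dst):
    """Follow a packet gateway by gateway; return (hops, delivered)."""
    hops, gw = [start], start
    while ip_address(dst) not in LOCAL[gw]:
        peer = select_tunnel(gw, src, dst)
        if peer is None or len(hops) > len(SPD):  # no matching tunnel, or a loop
            return hops, False
        hops.append(peer)
        gw = peer
    return hops, True

if __name__ == "__main__":
    # Home to office: matches the home gateway's single definition.
    print(trace("home", "192.168.22.10", "192.168.23.5"))
    # Home to colleague: no definition on the home gateway covers this pair.
    print(trace("home", "192.168.22.10", "192.168.24.5"))
    # Even if the packet reached the office gateway, its definition toward the
    # colleague only covers sources in the office LAN.
    print(select_tunnel("office", "192.168.22.10", "192.168.24.5"))
```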