 From:  JR <tiresias at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Racoon and Monowall IPSec VPN with public IPs
 Date:  Tue, 15 Apr 2008 12:30:15 -0400
On Fri, Apr 11, 2008 at 3:14 PM, Chris Severance
<severach at users dot sourceforge dot net> wrote:
>  Eventually this runs into the problem where you get a collision of RFC
>  1918 subnets and you can't change them. The solution is to map the
>  private IPs to public IPs and form an IPSec VPN between the public IP
>  addresses. A large company with many VPNs will have already done this
>  and using public IPs will be a matter of policy.
....
> vpn192.168.0.10::peer1.1.1.1 <-> peer2.2.2.2::vpn2.2.2.3

The other problem here is that if the remote side has a large number
of VPNs, they will likely have numerous peers using 192.168.1.0/24 or
similar, so they will require you to use source-NAT over the tunnel,
which m0n0wall does not support.

I would have been trying to configure the type of tunnel you are
describing if it weren't for the NAT problem. I ended up purchasing a
Cisco ASA.

JR