 From:  "Harry Otten" <hotten at 12solveit dot nl>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] RE: Monowall <-> Draytek
 Date:  Tue, 10 Feb 2009 21:03:06 +0100
Dear all,

The VPN is working now. It appears that the monowall will never show the
route to the other ipsec connected network. 
(status.php) 

It would be nice to have a show route page on the main monowall page with
perhaps a small extra list with "hidden" vpn ranges. 

I noticed this when using the ping page to ping 10.100.200.1 on the lan
interface. 
That works, it uses the IPSEC connection. 

(A small hint on that page that you need the lan interface to ping a host over
the ipsec connection would be nice.)

The real problem why I could not connect to the 10.100.200.0 from the
lan segment was as follows:

The machine which I used to test was also in another segment where it had a
wan ip with a default gw to the monowall.
That way the originator of, let's say, a ping packet was the WAN IP and not the
ip from the lan.

So I had to add a route for 10.100.200.0 to the monowall ip in the lan
segment on my test machine. 

I also changed the outbound nat rules not to nat if it was heading to !
10.100.200.0 on the WAN interface.
I don't know yet if this is needed.

Hope this helps someone. 

Or, in case I'm wrong, please let me know.

Cheers,
Harry


-----Original message-----
From: Harry Otten [mailto:hotten at 12solveit dot nl] 
Sent: Monday, 9 February 2009 23:20
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] RE: Monowall <-> Draytek

Hello,

I'm connecting two sites together using ipsec:
Monowall 1.3b15 and a draytek 2910

172.30.1.1/24
Monowall
   WAN X
     |
     |
   WAN Y
Draytek
  Local net
 10.100.200.1/24

Phase 1 & 2 are up and currently the clients from 10.100.200.x can reach
servers at 172.30.1.0/24.

Nice, but from 172.30.1.x they cannot reach 10.100.200.x.

It appears the monowall doesn't route them; a tracepath shows that the
monowall forwards it to the default gw instead of the VPN.

VPN -> IP SEC

I have entered as remote subnet 10.100.200.0/24.

That should take care that the monowall creates a route to that network (I
think??!)

But checking status.php I see no route for 10.100.200.0/24.

Must the route be pushed from the other end (the draytek), or did I set
something wrong on the monowall?

Setting up a static route looks like the solution, but I don't know what to
set as interface and gateway.

Any help is appreciated.

Cheers,

Harry