[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] How to route OPT traffic to IPSec tunnel?
 Date:  Thu, 1 Apr 2010 13:59:24 -0400 
On Thu, Apr 1, 2010 at 1:56 PM, Michael <monowall at encambio dot com> wrote:
>
> Hello list,
>
> My config is:
>
>  ---- Router A ----        ---- Router B ----
>  WAN: 64.64.46.65/29       WAN: 86.86.68.31/29
>  LAN: 192.168.12.1/24      LAN: 192.168.13.1/24
>  OPT: 123.123.123.1/24     OPT: 110.110.110.1/24
>
> The LANs of both routers are connected via a IPSec tunnel, so:
>
>  RouterA/LAN $ traceroute 192.168.13.13
>  traceroute to 192.168.13.13, 30 hops max, 60 byte packets
>  1  192.168.132.1 0.194 ms  0.180 ms  0.230 ms
>  2  * * *
>  3  192.168.13.13 52.103 ms  56.046 ms 61.009 ms
>
> ...pinging works fine. The problem is trying to pass any traffic
> from OPT to the VPN does not work:
>
>  RouterA/OPT $ traceroute 192.168.13.13
>  traceroute to 192.168.12.12, 64 hops max, 52 byte packets
>  1  123.123.123.1  0.670 ms  0.505 ms  0.510 ms
>  2  * * *
>  3  * * ^C
>
> What is the correct way to route any (not just ICMP) traffic
> from the OPT interface to hosts through the tunnel? Thanks.
>

Your IPsec config has to include the subnet of that OPT1 interface.