I have what I believe is a routing problem.
First of all, I have a site to site ipsec vpn up and running as follows:
Site 1 Lan subnet: 192.168.x.0/24
Site 2 Lan subnet: 192.168.y.0/24
192.168.x.0/24 <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 192.168.y.0/24
The vpn setups are to join the 192.168.x.0 network with the 192.168.y.0
network and vice versa.
Now, I want to introduce another gateway, so that I can monitor and
I tried this unsuccessfully as follows:
192.168.x.0/24 <-> [(192.168.z.0/24 = eth0) gateway (192.168.z.0/24 =
eth1)] <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 192.168.y.0/24
The internal Lan of monowall-1 was put on the 192.168.z.0 subnet and the
monowall-2 ipsec vpn was changed to have the remote subnet be 192.168.z.0.
A static route on monowall-1 was added to use the gateway eth1 IP
(192.168.z.20) as a gateway to the Site1 Lan subnet traffic
Once configured, I could log onto a host at site1 and ping through to
hosts at Site2.
But from site2, I could not ping hosts on the site1 subnet.
I could however ping the new gateway eth1 IP address (192.168.z.20) from
I could also log onto the monowall-1 web interface and ping the Lan
interface to any host of Site1.
Can anybody suggest what is wrong?
Note: I will be unable to test out any corrective action until some
weeks in the future as I am dependent on work being done outside of
normal business hours.
The window for this is on some, but not all Sunday mornings.