 
From: Joe <j dot commisso at verizon dot net>
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] gateway not working with vpn
Date: Mon, 03 May 2010 20:43:55 -0400

Correction, where I wrote:

I tried this unsuccessfully as follows:

192.168.x.0/24 <-> [(192.168.*z*.0/24 = eth0) gateway (192.168.z.0/24 =
eth1)] <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 192.168.y.0/24


I meant to write this:

I tried this unsuccessfully as follows:

192.168.x.0/24 <-> [(192.168.*x*.0/24 = eth0) gateway (192.168.z.0/24 =
eth1)] <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 192.168.y.0/24


Can anybody point me to somewhere where I might find answers to what 
I'm trying to do?

Thanks,
Joe



On 04/25/2010 12:44 PM, Joe wrote:
> Hi,
> I have what I believe is a routing problem.
>
> First of all, I have a site to site ipsec vpn up and running as follows:
>
> Site 1 Lan subnet: 192.168.x.0/24
> Site 2 Lan subnet: 192.168.y.0/24
>
> 192.168.x.0/24 <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 
> 192.168.y.0/24
>
> It works.
> The vpn setups are to join the 192.168.x.0 network with the 
> 192.168.y.0 network and vice versa.
>
> Now, I want to introduce another gateway, so that I can monitor and 
> control traffic.
> I tried this unsuccessfully as follows:
>
> 192.168.x.0/24 <-> [(192.168.z.0/24 = eth0) gateway (192.168.z.0/24 = 
> eth1)] <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 192.168.y.0/24
>
> The internal Lan of monowall-1 was put on the 192.168.z.0 subnet and 
> the monowall-2 ipsec vpn was changed to have the remote subnet be 
> 192.168.z.0.
>
> A static route on monowall-1 was added to use the gateway eth1 IP 
> (192.168.z.20) as a gateway to the Site1 Lan subnet traffic 
> (192.168.x.0/24).
>
> Once configured, I could log onto a host at site1 and ping through to 
> hosts at Site2.
> But from site2, I could not ping hosts on the site1 subnet.
>
> I could however ping the new gateway eth1 IP address (192.168.z.20) 
> from Site2.
> I could also log onto the monowall-1 web interface and ping the Lan 
> interface to any host of Site1.
>
> Can anybody suggest what is wrong?
>
> Note: I will be unable to test out any corrective action until some 
> weeks in the future as I am dependent on work being done outside of 
> normal business hours.
> The window for this is on some, but not all Sunday mornings.
>
> Thanks!