Re: [m0n0wall] gateway not working with vpn

From:	Jakob Schwienbacher <jakob dot schwienbacher at gmail dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] gateway not working with vpn
Date:	Fri, 7 May 2010 09:35:49 +0200
Hello,

first of all i didn't understand the problem to 100%. Probably of my
bad English =:)

So on which host did you log on and try to ping site2? (192.168.x.0/24
or 192.168.z.0/24)
Traffic between LAN X and LAN Z is working?
Is there a new Device between LAN X and LAN Z or is LAN X still
connected to mono wall on another interface.
Could you please describe the whole configuration of the site1 a bit clearly.

Regards,

Jakob

On 4 May 2010 02:43, Joe <j dot commisso at verizon dot net> wrote:
> Correction, where I wrote:
>
> I tried this unsuccessfully as follows:
>
> 192.168.x.0/24<->  [(192.168.*z*.0/24 = eth0) gateway (192.168.z.0/24 =
> eth1)]<->  m0n0wall-1<-(Internet)->  monowall-2<->  192.168.y.0/24
>
>
> I meant to write this:
>
> I tried this unsuccessfully as follows:
>
> 192.168.x.0/24<->  [(192.168.*x*.0/24 = eth0) gateway (192.168.z.0/24 =
> eth1)]<->  m0n0wall-1<-(Internet)->  monowall-2<->  192.168.y.0/24
>
>
> Can anybody point me to somewhere, where I might find answers to what I'm
> trying to do?
>
> Thanks,
> Joe
>
>
>
> On 04/25/2010 12:44 PM, Joe wrote:
>>
>> Hi,
>> I have what I believe is a routing problem.
>>
>> First of all, I have a site to site ipsec vpn up and running as follows:
>>
>> Site 1 Lan subnet: 192.168.x.0/24
>> Site 2 Lan subnet: 192.168.y.0/24
>>
>> 192.168.x.0/24 <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 192.168.y.0/24
>>
>> It works.
>> The vpn setups are to join the 192.168.x.0 network with the 192.168.y.0
>> network and vice versa.
>>
>> Now, I want to introduce another gateway, so that I can monitor and
>> control traffic.
>> I tried this unsuccessfully as follows:
>>
>> 192.168.x.0/24 <-> [(192.168.z.0/24 = eth0) gateway (192.168.z.0/24 =
>> eth1)] <-> m0n0wall-1 <-(Internet)-> monowall-2 <-> 192.168.y.0/24
>>
>> The internal Lan of monowall-1 was put on the 192.168.z.0 subnet and the
>> monowall-2 ipsec vpn was changed to have the remote subnet be 192.168.z.0.
>>
>> A static route on monowall-1 was added to use the gateway eth1 IP
>> (192.168.z.20) as a gateway to the Site1 Lan subnet traffic
>> (192.168.x.0/24).
>>
>> Once configured, I could log onto a host at site1 and ping through to
>> hosts at Site2.
>> But from site2, I could not ping hosts on the site1 subnet.
>>
>> I could however ping the new gateway eth1 IP address (192.168.z.20) from
>> Site2.
>> I could also log onto the monowall-1 web interface and ping the Lan
>> interface to any host of Site1.
>>
>> Can anybody suggest what is wrong?
>>
>> Note: I will be unable to test out any corrective action until some weeks
>> in the future as I am dependent on work being done outside of normal
>> business hours.
>> The window for this is on some, but not all Sunday mornings.
>>
>> Thanks!
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>