 From:  Adam Stasiak <palesius at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Static routes issue with two gateways.
 Date:  Thu, 28 Apr 2011 08:00:57 -0400
>
> OK.  Now I get it.  First, you will never need to put static routes in the
> PCs.  Just good routes in the firewalls.  Second, you cannot add static
> routes to a VPN link.  So that means that each firewall needs a VPN or
> direct route to each other firewall.  If you add VPN links from FW2 and
> FW3 to FW1B over the cable modem, you should be set.  You will not need
> to add static routes to FW1A or FW1B as they share a subnet, and will
> have the routes generated by the VPN internally.
>
> Does this help?
>
> 			Lee
>

Nice and simple but unless I'm missing something I don't think it would
work. The remote firewalls FW2 and FW3 would have no idea of which VPN
tunnel to use (FW1A or FW1B) since they both share the same subnet
(10.100.1.0/24). Obviously I can split the site into subnets (10.100.1.0/25 and
10.100.1.128/25) or something like that, but at that point I'd rather deal
with static routes on the client PCs. Am I missing something here, or is
there some way to make the above work?