 From:  "Mitch (WebCob)" <mitch at webcob dot com>
 To:  "Fred Weston" <fred dot weston at daytonawan dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] RE: Firewalling /filtering IPSec tunnels...
 Date:  Fri, 23 Apr 2004 14:30:49 -0700
> -----Original Message-----
> From: Fred Weston [mailto:fred dot weston at daytonawan dot com]
> Sent: Friday, April 23, 2004 1:55 PM
> To: Mitch (WebCob)
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] RE: Firewalling /filtering IPSec tunnels...
> Mitch (WebCob) wrote:
> >Further to this question, is it possible (and how?) do you configure to
> >allow clients at the end of IPSec tunnels to see each other?
> >
> >Consider 3 mono's - each with WAN and LAN.
> >
> >I want to connect A & B to C so that A & B can see C's private network, but
> >ALSO so that A can see B.
> >
> >A & B CAN NOT be directly connected due to constraints of the service
> >provider.
> >
> >A, B, and C can all have private lan subnets as required.
> >
> >Anyone care to point me in the right direction? Do I need to manually add
> >routes after establishing the tunnels or ?
> >
> >Thanks.
> >
> >
> I would imagine that you would need to add C's network to A's SA with B
> and A's network to C's SA with B.  That should get the packets to B at
> least, whether or not it will forward them back out another tunnel is
> probably the clinching factor.

I'm wondering if I need to NAT the traffic before sending it, so that the
remote end only sees the VPN endpoint it is aware of...

Not sure how to glue it all together though...