 From:  Justin Ellison <justin at techadvise dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSec VPN Routing
 Date:  Wed, 19 May 2004 19:34:41 -0500
Hi all,

First of all, thanks for the hard work Manuel!  I'm a BSD n00b, but have
run Linux as my OS of choice for about 5 years now.  I got my CF card
today, and was up and running in minutes.

I have a Soekris 4501 that I'm looking to use to phase out my Debian PC
firewall (a much larger and louder 486/33 ;-) ) with m0n0wall.  I have
a Netscreen 25 at work, and my Linux box used FreeS/WAN to connect to it
without any problems.

My work VPN is a hub and spoke setup.  A quick slice of the VPN net in
ASCII:

172.31.10.0/24 <------------> 172.31.0.0/22 <-------> 172.31.20.0/24
My House		      Local Office		Montana Office

There are 8 different endpoints on the VPN net, with my Local Office
terminating all tunnels.  My problem is that under Linux, I could use
the destination network of 172.31.0.0/16, and communicate with all
branches from my house.  If I use that destination network in m0n0wall,
it works - I can ping the branch offices and access outside web pages,
but I can no longer access the m0n0wall directly - no pings, no http.
If I use a destination network of 172.31.0.0/22, I can access the Local
Office and my m0n0wall, but (of course) I can't reach the Montana
Office.

Just a theory, but it seems as though m0n0wall (more specifically
racoon) is inserting the route for the VPN endpoints before the existing
routes that have already been defined.

Has anyone else run into this, or have any ideas for a workaround?

Thanks again,

Justin
-- 
Justin Ellison <justin at techadvise dot com>
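The symptom described in this post is what you see when a phase-2 remote network (here 172.31.0.0/16) also covers the firewall's own LAN (172.31.10.0/24), so packets for the m0n0wall itself match the IPsec policy. The following is an added example, not part of the original message or of m0n0wall, that assumes that overlap is the cause; it flags overlapping policies and carves the /16 into the largest subnets that skip the house LAN, one candidate per phase-2 entry:

```python
from ipaddress import ip_network

def overlapping_policies(local_nets, remote_nets):
    """Return (local, remote) pairs where a proposed IPsec remote
    network overlaps one of the firewall's own networks."""
    pairs = []
    for local in map(ip_network, local_nets):
        for remote in map(ip_network, remote_nets):
            if local.overlaps(remote):
                pairs.append((str(local), str(remote)))
    return pairs

def carve_out(remote_net, local_nets):
    """Split remote_net into the largest CIDR blocks that avoid every
    local network. CIDR blocks either nest or are disjoint, so each
    local net is either a strict subnet (exclude it), a superset
    (drop the block), or unrelated (keep the block)."""
    remaining = [ip_network(remote_net)]
    for local in map(ip_network, local_nets):
        kept = []
        for net in remaining:
            if net.subnet_of(local):
                continue                      # entirely inside the local LAN
            if local.subnet_of(net):
                kept.extend(net.address_exclude(local))
            else:
                kept.append(net)
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    # Values taken from the post's ASCII diagram.
    house = ["172.31.10.0/24"]
    print("overlaps:", overlapping_policies(house, ["172.31.0.0/16", "172.31.0.0/22"]))
    for net in carve_out("172.31.0.0/16", house):
        print("phase-2 remote network:", net)
```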