First of all, thanks for the hard work Manuel! I'm a BSD n00b, but ran
Linux as my OS of choice for about 5 years now. I got my CF card today,
and was up and running in minutes.
I have a Soekris 4501 that I'm looking to use to phase out my Debian PC
firewall ( a much larger and louder 486/33 ;-) ) with m0n0wall. I have
a Netscreen 25 at work, and my Linux box used FreeS/WAN to connect to it
without any problems.
My work VPN is a hub and spoke setup. A quick slice of the VPN net in
172.31.10.0/24 <------------> 172.31.0.0/22 <-------> 172.31.20.0/24
My House Local Office Montana Office
There are 8 different endpoints on the VPN net, with my Local Office
terminating all tunnels. My problem is that under Linux, I could use
the destination network of 172.31.0.0/16, and communicate with all
branches from my house. If I use that destination network in m0n0wall,
it works - I can ping the branch offices and access outside web pages,
but I can no longer access the m0n0wall directly - no pings, no http.
If I use a destination network of 172.31.0.0/22, I can access the Local
Office and my m0n0wall, but (of course) I can't reach the Montana
Just a theory, but it seems as if though m0n0wall (more specifically
racoon) is inserting the route for the VPN endpoints before the existing
routes that have already been defined.
Has anyone else ran into this, or have any ideas for a workaround?
Justin Ellison <justin at techadvise dot com>