 From:  "Andrew Thrift at Home" < at >
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Routing Problem with IPSEC
 Date:  Mon, 21 Jun 2004 10:44:41 +1200
Ok, here's the situation:

Head Office End:
WRAP Board
m0n0wall 1.1b12
LAN   192.168.90.4/24
WAN PPPOE (10.0.50.62)
Default GW is set by PPPOE


Remote End:
WRAP Board
m0n0wall 1.1b12
LAN 192.168.100.250/24
WAN PPPOE (10.0.50.56)
Default GW is set by PPPOE


There is an IPSEC tunnel established between the two and I can ping 
machines on the 192.168.90.x subnet from the remote site, and from Head 
Office I can ping machines on the remote 192.168.100.x subnet as well.

What I want to do however is add a route to the remote site for the 
192.168.99.0/24 subnet with a GW of 192.168.90.254 that goes OVER the 
VPN to the remote gateway.
I have added this to the WEB interface of m0n0wall but when I ping I 
don't get a reply and when I do a tracert it appears to be going out of 
the m0n0's default GW which is allocated by PPPOE.

Does anyone have any ideas on where I am going wrong??

netstat -rn from head office gives the following:

netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            219.88.140.245     UGSc        3   184845    ng0
10.0.50.62         lo0                UHS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.90         link#1             UC          5        0   sis0
192.168.90.1       00:03:47:31:00:85  UHLW        0    60142   sis0   1192
192.168.90.28      00:07:e9:92:c1:5b  UHLW        6   326347   sis0   1173
192.168.90.222     00:c0:ee:10:60:b6  UHLW        0       17   sis0   1186
192.168.90.250     00:d0:b7:51:bb:1a  UHLW        0     8876   sis0    389
192.168.90.254     00:d0:b7:92:87:78  UHLW        1     1404   sis0    698
192.168.99         192.168.90.254     UGSc        0        6   sis0
219.88.140.245     10.0.50.62         UH          2        0    ng0

and from the remote end gives this:

netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            219.88.140.245     UGSc        4    14632    ng0
10.0.50.56         lo0                UHS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.99         192.168.90.4       UGSc        0        0    ng0
192.168.100        link#1             UC          1        0   sis0
192.168.100.20     00:0d:61:4b:82:d9  UHLW        0     7495   sis0    779
219.88.140.245     10.0.50.56         UH          4        0    ng0



The ideal situation would of course be to make the remote IP of 
192.168.90.254 the default gw for the remote m0n0wall so that all 
traffic goes OVER the VPN to the remote gateway.  I have this working 
with Linux and OpenVPN.
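
Added example, not part of the original message: a small parser for the remote-end `netstat -rn` table quoted above that performs a longest-prefix lookup and reports which interface a destination leaves by. The function names, the test address 192.168.99.10, and the rule that a short destination such as `192.168.99` means 8 mask bits per printed octet are assumptions made for this illustration.

```python
import ipaddress

# Remote-end table copied from the message above (ARP host entry omitted).
REMOTE_TABLE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            219.88.140.245     UGSc        4    14632    ng0
10.0.50.56         lo0                UHS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.99         192.168.90.4       UGSc        0        0    ng0
192.168.100        link#1             UC          1        0   sis0
219.88.140.245     10.0.50.56         UH          4        0    ng0
"""

def parse_destination(dest):
    """Turn a netstat Destination column into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    # Assumption: without an explicit mask, each printed octet counts 8 bits,
    # so "192.168.99" is a /24 and a full four-octet entry is a host route.
    bits = int(bits) if bits else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{bits}", strict=False)

def parse_table(text):
    """Return (network, gateway, flags, netif) tuples for each route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue  # skip headers and blank lines
        routes.append((parse_destination(fields[0]), fields[1], fields[2], fields[5]))
    return routes

def lookup(routes, address):
    """Longest-prefix match over the parsed routing table."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

if __name__ == "__main__":
    routes = parse_table(REMOTE_TABLE)
    for target in ("192.168.99.10", "192.168.100.20", "219.88.140.245"):
        net, gw, flags, netif = lookup(routes, target)
        print(f"{target:15} -> {net} via {gw} on {netif}")
```

For 192.168.99.10 the lookup selects the static 192.168.99 entry, whose Netif column is ng0, the PPPoE interface, which matches the tracert behaviour described in the message.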