 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: [m0n0wall] newbie: Connect to remote lan at other end of vpn link.
 Date:  Fri, 23 Jul 2004 00:31:06 -0700 (PDT)
On Thu, 22 Jul 2004, APHS wrote:

> > - What version of m0n0wall are you using?
> > - Can m0no itself ping machines on all the 4 subnets?
> 
> m0no version 1.0 on both the firewalls. The firewall on the 192 can
> only ping the 172 network which it is connected to via vpn - it can't
> ping any of the other networks.
> The mono on the 172 can ping all of the networks.

Does everything have the proper routing entries to say how to get to
everything else?  Generally that means:

1) All machines in a given subnet have to see the m0n0 in that subnet as
the route to the "remote subnets".  If the m0n0 isn't the default gateway
for that subnet, then whatever machine *is* the default gateway needs a
static routing entry to that effect.  The rest of the machines *should*
then be able to pick that up via ICMP redirect.

2) Each m0n0 needs to have static routes configured to reach the remote
subnets via the remote m0n0, except that with IPsec it gets the "route" to
the *one* remote subnet described by the tunnel "for free".

					Fred Wright
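
The two-point routing checklist in the message above, as an added example that is not part of the original post: a small routing-table audit that reports which router lacks a route to which subnet. The addresses, the internal gateway name "gw-B" and the topology are constructed assumptions, and the IPsec tunnel is modeled as an ordinary table entry.

```python
import ipaddress

def route(net, hop=None):
    """One table entry; hop=None means the subnet is directly connected."""
    return (ipaddress.ip_network(net), hop)

def lookup(table, dst):
    """Longest-prefix match over one router's table."""
    hits = [(net, hop) for net, hop in table if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from router `start`; return (path, delivered)."""
    dst = ipaddress.ip_address(dst)
    path, node = [start], start
    for _ in range(max_hops):
        hit = lookup(tables[node], dst)
        if hit is None:
            return path, False      # no route on this box: packet dropped
        if hit[1] is None:
            return path, True       # destination subnet is attached here
        node = hit[1]
        path.append(node)
    return path, False              # hop limit hit: routing loop

def routing_gaps(tables, subnets):
    """List every (router, subnet) pair the router cannot deliver to."""
    return [(r, s) for r in tables for s in subnets
            if not trace(tables, r, ipaddress.ip_network(s).network_address + 1)[1]]

# Constructed topology (assumed): site A has one LAN; site B has the
# tunnel-side LAN plus two LANs behind an internal gateway "gw-B".
SUBNETS = ["192.168.1.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
BEFORE = {
    # Second entry is the one remote subnet the IPsec tunnel gives "for free".
    "m0n0-A": [route("192.168.1.0/24"), route("172.16.1.0/24", "m0n0-B")],
    "m0n0-B": [route("172.16.1.0/24"), route("192.168.1.0/24", "m0n0-A"),
               route("172.16.2.0/24", "gw-B"), route("172.16.3.0/24", "gw-B")],
    "gw-B": [route("172.16.1.0/24"), route("172.16.2.0/24"), route("172.16.3.0/24")],
}
# Point 2: static routes on m0n0-A. Point 1: static route on the default gateway.
AFTER = {r: list(t) for r, t in BEFORE.items()}
AFTER["m0n0-A"] += [route("172.16.2.0/24", "m0n0-B"), route("172.16.3.0/24", "m0n0-B")]
AFTER["gw-B"].append(route("192.168.1.0/24", "m0n0-B"))

if __name__ == "__main__":
    for name, tables in (("before", BEFORE), ("after", AFTER)):
        print(name, routing_gaps(tables, SUBNETS))
```

The "before" tables reproduce the symptom in the quoted text: the 192-side box reaches only the tunnel subnet, while the 172-side box reaches everything.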