 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "David Woodhouse" <dwoodhouse1 at btinternet dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Multiple VPN Question
 Date:  Tue, 3 Aug 2004 08:39:56 -0700
I think you are coming across a common problem from a different angle.

In FreeBSD, IPsec policy bypasses routing and filtering.

I THINK there is a kernel option which partially addresses this, but don't
think it's in mono by default.

options		IPSEC_FILTERGIF (documented in LINT)

Maybe this is only a 5.x kernel option - I haven't looked at it in that much
detail yet.

> -----Original Message-----
> From: David Woodhouse [mailto:dwoodhouse1 at btinternet dot com]
> Sent: Monday, August 02, 2004 8:07 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Multiple VPN Question
> Hi,
> I am looking at installing two monowall servers and I was hoping
> to get some advice. Each monowall will have 3 interfaces (LAN,
> WAN, DMZ). I want to enable traffic between the two LAN networks
> and the two DMZ networks, but the DMZs should not be able to
> access any of the LAN networks. All this traffic should be over a VPN.
> Monowall 1			Monowall 2
> Lan 1-------------------Lan 2		OK
> DMZ 1-------------------DMZ 2		OK
> Lan 1-------------------DMZ 2		NOT OK
> DMZ 1-------------------Lan 2		NOT OK
> Is the best method to create 2 VPNs, 1 for the LANs and 1 for the
> DMZs? Previously (not using monowall) I've had problems creating
> 2 VPNs between the same endpoints. Or is there any easier way
> using static routes and firewall rules?
> Many thanks
> David