I have a problem with ipsec. I have set up a net-net vpn described below between my office (using linux+frees/wan) and home (using m0n0).

home--------------------------------------office
lan ip: 10.0.0.0/24                       lan ip: 192.168.0.0/24
m0n0 lan ip: 10.0.0.9                     linux ip: 192.168.0.3

The VPN works fine between any 2 hosts on the network, but not between m0n0 and the office network. The same problem arises with linux too. The cause was that when I tried to send a packet from the router, the source ip was the WAN ip, and it got routed via the ISP's router, not the tunnel. It was resolved by inserting the following command in an updown script for frees/wan:

    ip route replace %m0n0_WAN_IP% via %linux_gateway% dev ipsec0 src 192.168.0.3

So I can ping anything on my home net, including m0n0, and I'd need to do the same from m0n0 too, especially so I could set up a DNS forwarder for the office DNS server. Since I installed m0n0 today, and this is the first BSD system I use, I don't know how I can replace the linux "ip route" commands under BSD.

Thanks for your help.

Zsolt Szeberenyi