 From:  John Tran <jtran at pcwerk dot com>
 To:  Vincent Fleuranceau <vincent at bikost dot com>
 Cc:  Charles AMPEAU <charles dot ampeau at unilim dot fr>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC and routing question
 Date:  Fri, 17 Sep 2004 06:24:00 -0700
Vincent Fleuranceau wrote:

> -------- Original message --------
>
>> Hi all,
>>
>> I have a problem with the network map below:
>> http://www.creape.unilim.fr/vpn.jpg
>>
>> I am using an IPSEC between LAN and LAN' because I'm using a WiFi
>> outdoor link. No problem to ping hosts between LAN and LAN'.
>>
>> Impossible to ping from LAN' to DMZ or Internet. How can I define a
>> "default ipsec route" for LAN' client?
>
>
> Hi,
>
> You may have to add specific rules to allow traffic from 192.168.2.0/24
> to pass on the 192.168.1.254 interface and/or on the 172.20.4.254 
> interface...
>
> Many issues involve both routing and filtering.

I think that (on Linux) you would add the following route to your LAN

  route add -net [remote net] netmask 255.255.255.0 gw [ipsec gateway ip] dev [interface]


John