 From:  Charles AMPEAU <charles dot ampeau at unilim dot fr>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC and routing question
 Date:  Fri, 17 Sep 2004 17:13:18 +0200
Hi all,

I'm having a headache for now. Impossible to make my network map work...

I can join networks with IPSEC but can't set the default route via the 
tunnel.

It was working great with a remote subnet of 128.0.0.0/1 on right m0n0 
and local subnet 128.0.0.0/1 on left m0n0. But it's only working on high 
internet IP. Impossible to ping 64.x.x.x or 84.x.x.x.

I'm giving up for the moment.

No more ideas?

Regards

Charles



> Vincent Fleuranceau wrote:
> 
>> -------- Message original --------
>>
>>> Hi all,
>>>
>>> I have a problem with the network map below:
>>> http://www.creape.unilim.fr/vpn.jpg
>>>
>>> I am using an IPSEC between LAN and LAN' because I'm using a WiFi
>>> outdoor link. No problem to ping hosts between LAN and LAN'.
>>>
>>> Impossible to ping from LAN' to DMZ or Internet. How can I define a
>>> "default ipsec route" for LAN' client?
>>
>>
>>
>> Hi,
>>
>> You may have to add specific rules to allow traffic from 192.168.2.0/24
>> to pass on the 192.168.1.254 interface and/or on the 172.20.4.254 
>> interface...
>>
>> Many issues involve both routing and filtering.
> 
> 
> I think that (on Linux) you would add the following route to your LAN:
> 
>  route add -net [remote net] netmask 255.255.255.0 gw [ipsec gateway ip] dev [interface]
> 
> 
> John
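
Added example, not part of the original thread: a check of which destinations the 128.0.0.0/1 remote-subnet selector from the top message covers, and which prefixes it leaves out. It assumes a policy-based tunnel, where a packet enters the tunnel only if its destination matches a configured remote subnet; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Remote-subnet selector quoted in the message above.
TUNNEL_SELECTORS = [ipaddress.ip_network("128.0.0.0/1")]


def in_tunnel(dst, selectors=TUNNEL_SELECTORS):
    """True if dst matches at least one remote-subnet selector."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in selectors)


def uncovered(selectors=TUNNEL_SELECTORS, universe="0.0.0.0/0"):
    """Return the prefixes of `universe` that no selector matches."""
    remaining = [ipaddress.ip_network(universe)]
    for sel in selectors:
        nxt = []
        for net in remaining:
            if sel.supernet_of(net):
                continue                      # net is fully covered by sel
            if net.supernet_of(sel):
                # sel sits inside net: keep everything around it
                nxt.extend(net.address_exclude(sel))
            else:
                nxt.append(net)               # disjoint, untouched
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    # Constructed sample destinations: two "low" and one "high" address.
    for dst in ("64.1.2.3", "84.1.2.3", "193.50.1.1"):
        print(f"{dst:12} matches tunnel selector: {in_tunnel(dst)}")
    print("not covered by any selector:", [str(n) for n in uncovered()])
```

128.0.0.0/1 spans 128.0.0.0 through 255.255.255.255 only, so the 64.x.x.x and 84.x.x.x destinations fall in the uncovered 0.0.0.0/1 half.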