 
 From:  "David Kitchens" <spider at webweaver dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC and routing question
 Date:  Fri, 17 Sep 2004 11:21:24 -0400
IPSEC joins two DIFFERENT subnets to make one usable virtual LAN. You must
have different subnets on both sides; using 128.0.0.x on both sides will not
work.

Dave 

> -----Original Message-----
> From: Charles AMPEAU [mailto:charles dot ampeau at unilim dot fr] 
> Sent: Friday, September 17, 2004 11:13 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] IPSEC and routing question
> 
> Hi all,
> 
> I'm having a headache for now. Impossible to make my network map 
> working...
> 
> I can join networks with IPSEC but can't set the default 
> route via the tunnel.
> 
> It was working great with a remote subnet of 128.0.0.0/1 on 
> right m0n0 and local subnet 128.0.0.0/1 on left m0n0. But 
> it's only working on high internet IP. Impossible to ping 
> 64.x.x.x or 84.x.x.x.x.
> 
> I'm giving up for the moment.
> 
> No more idea?
> 
> Regards
> 
> Charles
> 

> 
> > Vincent Fleuranceau wrote:
> > 
> >> -------- Message original --------
> >>
> >>> Hi all,
> >>>
> >>> I have a problem with the network map below: 
> >>> http://www.creape.unilim.fr/vpn.jpg
> >>>
> >>> I am using an IPSEC between LAN and LAN' because I'm using a WiFi 
> >>> outdoor link. No problem to ping hosts between LAN and LAN'.
> >>>
> >>> Impossible to ping from LAN' to DMZ or Internet. How can I define a
> >>> "default ipsec route" for LAN' client?
> >>
> >>
> >>
> >> Hi,
> >>
> >> You may have to add specific rules to allow traffic from
> >> 192.168.2.0/24 to pass on the 192.168.1.254 interface and/or on the
> >> 172.20.4.254 interface...
> >>
> >> Many issues involve both routing and filtering.
> > 
> > 
> > I think that (on Linux) you would add the following route to your LAN
> > 
> >  route add -net [remote net] netmask 255.255.255.0 gw [ipsec gateway ip] dev [interface]
> > 
> > 
> > John
> 
>
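
Added example, not part of the original thread: a Python check of the two points raised above, namely whether a tunnel's local and remote subnets overlap, and which destinations the remote subnet actually covers. The function name, the probe addresses and the /24 masks in the second case are constructed for illustration.

```python
import ipaddress


def audit_tunnel(local, remote, probes):
    """Inspect the local/remote subnets configured for one IPsec tunnel.

    Returns whether the two subnets overlap, which parts of the IPv4
    space the remote subnet does NOT cover, and for each probe address
    whether traffic to it would match the tunnel at all.
    """
    local_net = ipaddress.ip_network(local)
    remote_net = ipaddress.ip_network(remote)
    everything = ipaddress.ip_network("0.0.0.0/0")

    # Prefixes outside the remote subnet: traffic to these never enters the tunnel.
    if remote_net == everything:
        uncovered = []
    else:
        uncovered = sorted(everything.address_exclude(remote_net))

    return {
        "selectors_overlap": local_net.overlaps(remote_net),
        "uncovered": [str(n) for n in uncovered],
        "tunneled": {p: ipaddress.ip_address(p) in remote_net for p in probes},
    }


if __name__ == "__main__":
    # Case from the thread: 128.0.0.0/1 configured on both sides.
    # Probe addresses are constructed samples in the 64.x, 84.x and 200.x ranges.
    same = audit_tunnel("128.0.0.0/1", "128.0.0.0/1",
                        ["64.0.0.1", "84.0.0.1", "200.0.0.1"])
    print("overlap:", same["selectors_overlap"])
    print("not covered by remote subnet:", same["uncovered"])
    print("matches tunnel:", same["tunneled"])

    # Constructed LAN-to-LAN case (masks assumed): distinct subnets,
    # but an Internet destination still does not match the tunnel.
    lan = audit_tunnel("192.168.2.0/24", "192.168.1.0/24",
                       ["192.168.1.10", "64.0.0.1"])
    print("overlap:", lan["selectors_overlap"])
    print("matches tunnel:", lan["tunneled"])
```
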