Greetings, all. I have configured an IPSEC tunnel between two sites.
The left site:
- is protected by m0n0 with a WAN address of a.b.c.d
- has an internal network 10.0.0.0/24
- all hosts are outbound NAT'ed to a.b.c.d
- contains a host 10.0.0.4
The right site:
- is protected by a Linksys VPN "firewall" with a WAN address of w.x.y.z
- has an internal network 10.0.100.0/24
- all hosts are outbound NAT'ed to w.x.y.z
- contains a host 10.0.100.2
The tunnel is a host to host tunnel with the left host being 10.0.0.4
and the right host 10.0.100.2.
The tunnel can be successfully established, but no traffic flows.
Furthermore, any attempt to contact the right host from the left host
results in a block entry in the m0n0 firewall log, as though m0n0 isn't
recognising that the packet should be encapsulated and sent through
the tunnel. The Linksys doesn't show any traffic arriving across the
tunnel.
A typical m0n0 log entry:
13:24:25.252157 fxp0 @0:22 b 10.0.0.4,4663 -> 10.0.100.2,7001 PR tcp len 20 48 -S IN
1. I tried adding a LAN rule to allow the traffic, but while that stops
the log entry, the traffic still doesn't move across.
2. I tried turning off "Block private networks" on the WAN
interface of m0n0, but that had no effect.
I suspect the problem may have something to do with the NAT side of
things, but I'm not sure what to try.
Any comments or suggestions?
Cheers,
Gordon Day.
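The log entry above is the useful evidence in this post: a block on the LAN interface (fxp0) for a packet from the tunnel's left host to its right host means the packet was handed to the ordinary filter rules instead of being picked up by the IPsec policy. The following script, added here as an illustration and not part of the original post or of m0n0wall, parses ipmon-style lines in that layout and reports only the blocked packets whose source and destination fall inside the tunnel's local and remote selectors, so the symptom can be confirmed from a log dump rather than by eye. The field layout (`<time> <iface> @<group>:<rule> <action> <src>[,<sport>] -> <dst>[,<dport>] PR <proto> len <hdrlen> <pktlen> [flags] <IN|OUT>`) is inferred from the single line quoted in the post; the extra sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Field layout assumed from the one ipmon-style entry quoted in the post:
# <time> <iface> @<group>:<rule> <action> <src>[,<sport>] -> <dst>[,<dport>] PR <proto> len <hdrlen> <pktlen> [flags] <IN|OUT>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>[bpBP])\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:,(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\w+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?P<rest>.*)$"
)


@dataclass
class LogEntry:
    time: str
    iface: str
    rule: str               # "group:rule" as printed after the '@'
    action: str             # 'b'/'B' = block, 'p'/'P' = pass
    src: str
    sport: Optional[int]    # None for protocols without ports (e.g. icmp)
    dst: str
    dport: Optional[int]
    proto: str
    flags: str              # e.g. "-S" for a TCP SYN
    direction: str          # "IN" or "OUT"

    @property
    def blocked(self) -> bool:
        return self.action in ("b", "B")


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one ipmon-style line; return None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").split()
    direction = rest[-1] if rest and rest[-1] in ("IN", "OUT") else ""
    flags = " ".join(tok for tok in rest if tok.startswith("-"))
    return LogEntry(
        time=m.group("time"), iface=m.group("iface"),
        rule=f"{m.group('group')}:{m.group('rule')}", action=m.group("action"),
        src=m.group("src"), sport=int(m.group("sport")) if m.group("sport") else None,
        dst=m.group("dst"), dport=int(m.group("dport")) if m.group("dport") else None,
        proto=m.group("proto"), flags=flags, direction=direction,
    )


def find_tunnel_blocks(lines, local_net: str, remote_net: str) -> List[LogEntry]:
    """Return blocked entries whose src/dst lie inside the tunnel's local/remote
    selectors. Such packets reached the filter rules instead of being
    encapsulated, i.e. they never matched the IPsec policy. Selectors may be
    /32 hosts (as in the post) or whole subnets."""
    local, remote = ip_network(local_net), ip_network(remote_net)
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not entry.blocked:
            continue
        if ip_address(entry.src) in local and ip_address(entry.dst) in remote:
            hits.append(entry)
    return hits


# Constructed sample log: the post's own line plus invented neighbours.
SAMPLE_LOG = [
    "13:24:25.252157 fxp0 @0:22 b 10.0.0.4,4663 -> 10.0.100.2,7001 PR tcp len 20 48 -S IN",
    # constructed: ICMP echo to the remote host, also blocked (no ports in the line)
    "13:24:31.004212 fxp0 @0:22 b 10.0.0.4 -> 10.0.100.2 PR icmp len 20 84 icmp 8/0 IN",
    # constructed: same host to an Internet address; blocked, but not tunnel traffic
    "13:24:40.118301 fxp0 @0:22 b 10.0.0.4,4670 -> 198.51.100.10,80 PR tcp len 20 48 -S IN",
    # constructed: a passed packet to the remote host; not a block, so not reported
    "13:25:02.500001 fxp0 @0:5 p 10.0.0.4,4671 -> 10.0.100.2,7001 PR tcp len 20 48 -S IN",
    "garbage line that does not parse",
]


if __name__ == "__main__":
    for hit in find_tunnel_blocks(SAMPLE_LOG, "10.0.0.4/32", "10.0.100.2/32"):
        print(f"{hit.time} {hit.iface} rule {hit.rule}: blocked {hit.proto} "
              f"{hit.src}:{hit.sport} -> {hit.dst}:{hit.dport} {hit.flags} {hit.direction}")
```

Run against the real log with the tunnel's actual selectors; any hit confirms that the packet is being evaluated by the LAN ruleset and was not claimed by the IPsec policy, which is consistent with the post's observation that adding a LAN pass rule silences the log entry without making traffic flow.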