Topic: Opt1 to Opt1 VPN
« on: December 31, 2007, 01:15:28 »
mcgurka *
Posts: 1

I have 2 m0n0's in two separate sites, each with 2 internet connections. What I would like is as follows:

Lan (site 1) 192.168.0.x/24
|
|
M0n0 (site 1) ------- Wan (80.192.xxx.yyy)
|
|
Opt1 (site 1) 80.229.192.xxx/28
V
V
Opt1 (site2) 85.189.151.xxx/28
|
|
M0n0 (site2) - Wan (72.121.89.xxx/28)
|
|
Lan (site2) 192.168.254.xxx/24

If I set the endpoints to the WAN interfaces, the tunnel comes up A-OK, but if I change them to the Opt1 interfaces in the settings, Racoon aborts phase 2 because of a timeout waiting for phase 1.

As a test, I temporarily set rules on the interfaces allowing all from all to all, but the m0n0's seem to be blocking pings from the other site, even though they shouldn't! Also, the boxes don't route from LAN to Opt correctly. The diags in the box can ping the Opt1 gateways OK, but the LAN hosts cannot. If I add a spurious static route for the network and remove it, I can ping the Opt1 gateways from the LAN machines (but only on the same site), and still no VPN!

Any ideas?

Scott
« Reply #1 on: December 31, 2007, 18:07:47 »
lonnie *
Posts: 24

Scott,

I have not tried your scenario, but you might play around with enabling "Enable advanced outbound NAT" to get the LAN to OPT1 (public IP) route working, and that might help your IPsec.

I'm also assuming you are using the latest beta (1.3B7 currently).

Lonnie

« Last Edit: December 31, 2007, 18:19:15 by lonnie »
 