Topic: Link across MPLS network tunnel  (Read 2449 times)
« on: April 16, 2007, 17:03:00 »
JonnyRo *
Posts: 13

I have a tunnel set up between two offices, managed by our phone company that looks like this.  The tunnel boxes only know about each of the networks below, and I have no easy way to adjust their routing or add static routes.

192.168.1.0/24 gw 192.168.1.254 Office A
192.168.7.0/24 gw 192.168.7.254 Office B

On each side, I have a standard 10/100 Ethernet interface that I can plug into with the m0n0wall units, if I want to.

Both sites have a m0n0wall that is currently running a standard IPSec VPN between the two sites, using T1s to the Internet and public IPs.

How can I continue to use those T1s for basic Internet access, and start utilizing the MPLS tunnel for site-to-site communications? I do have extra Ethernet interfaces on both m0n0wall units. I would think that this would be possible with static routes. My first thought was to use a VPN over the MPLS network, but I have not yet been successful in this regard.
« Reply #1 on: April 16, 2007, 23:52:09 »
cmb *****
Posts: 851

VPN over MPLS should be unnecessary overhead.

Set up a new small subnet for the ends of the MPLS link, like 192.168.2.0/30. Put 192.168.2.1 on one end and 192.168.2.2 on the other (both on OPT interfaces). Add static routes to point the other end's internal subnet to that end's IP on the MPLS link.
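
The layout suggested in the reply above, modelled as routing tables (an added example, not part of the original thread or of m0n0wall). The interface names LAN/WAN/OPT1, the WAN gateway addresses and the probed host addresses are constructed for illustration. It also shows the failure mode where one end lacks its static route and site-to-site replies fall through to the Internet-facing default route.

```python
import ipaddress as ip

def table(lan, opt_if, wan_gw, static=()):
    """Routing table: (destination, interface, next hop or None if connected)."""
    routes = [(ip.ip_network(lan), "LAN", None),
              (ip.ip_interface(opt_if).network, "OPT1", None),
              (ip.ip_network("0.0.0.0/0"), "WAN", ip.ip_address(wan_gw))]
    for dest, gw in static:
        gw = ip.ip_address(gw)
        # A static route is only usable if its gateway sits on a connected subnet.
        iface = next((i for n, i, g in routes if g is None and gw in n), None)
        if iface is None:
            raise ValueError(f"gateway {gw} is not on a connected network")
        routes.append((ip.ip_network(dest), iface, gw))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ip.ip_address(dst)
    net, iface, gw = max((r for r in routes if dst in r[0]),
                         key=lambda r: r[0].prefixlen)
    return iface, gw

def site_tables(with_route_a=True, with_route_b=True):
    """Office A and Office B firewalls; WAN gateways are constructed values."""
    a = table("192.168.1.0/24", "192.168.2.1/30", "203.0.113.1",
              [("192.168.7.0/24", "192.168.2.2")] if with_route_a else [])
    b = table("192.168.7.0/24", "192.168.2.2/30", "198.51.100.1",
              [("192.168.1.0/24", "192.168.2.1")] if with_route_b else [])
    return a, b

if __name__ == "__main__":
    a, b = site_tables()
    print("A -> Office B host:", lookup(a, "192.168.7.20"))
    print("B -> Office A host:", lookup(b, "192.168.1.20"))
    print("A -> Internet host:", lookup(a, "192.0.2.80"))
    # Failure mode: Office B has no static route back to Office A.
    a, b = site_tables(with_route_b=False)
    print("B, route missing  :", lookup(b, "192.168.1.20"))
```

Both ends need their route: with only one configured, traffic for the other office's private subnet leaves via WAN instead of the MPLS link.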
« Reply #2 on: April 18, 2007, 02:32:47 »
darklogic *
Posts: 45

If both firewalls are the main gateway on both ends you can use the Monowall boxes as Internet gateways. Just allow outbound for port 80 on the LAN Interface. But if you are trying to keep the tunnels to where certain PCs can only see each other on both ends I recommend setting up another firewall or router with static routes to the IPsec tunnel firewalls.
« Reply #3 on: April 18, 2007, 04:37:05 »
cmb *****
Posts: 851

I think darklogic is confused on what you're after; what he's describing is what you have now. What I described above is what you want to get to, where you can turn off the existing IPsec VPN and use the MPLS link. That's just a matter of setting up the right routes.
« Reply #4 on: April 26, 2007, 10:54:27 »
Gin *
Posts: 7

100% agreed with cmb: IPsec over MPLS is appropriate only if you paranoidly don't trust your provider (grin)