Hello,
This FAQ entry:
http://doc.m0n0.ch/handbook/faq-snmpovervpn.html
makes this statement, which I'd like to know more about:
"There's an annoying but mostly harmless side-effect to this - every LAN
packet to the tunnel elicits a no-change ICMP Redirect."
Would someone shed more light on what the above snippet means? What are the ramifications of defining a route like this:
interface: LAN
network: LAN net of a second m0n0wall (connected by IPsec VPN)
Gateway: LAN IP of this (first) m0n0wall
Why I am doing this: Active Directory was recently installed at site 1. Site 2 is small enough that there will not be a local domain controller. Both sites are connected by a m0n0wall 1.3 IPsec VPN. I would like m0n0wall at site 2 to proxy DNS lookups for Active Directory to the domain controller at site 1. I have found that m0n0wall at site 2 does not properly initiate a connection to the DNS server at site 1, apparently due to the IPsec kludge referenced in the above FAQ.
Setting up the route on m0n0wall at site 2 seems to allow m0n0wall 2 to do DNS lookups with the server at site 1, but I would like to know how this may impact the VPN connection from the clients' (workstation) perspective.
Thank you,
Ivan.