Topic: 3 Offices and IPsec  (Read 1916 times)
« on: March 01, 2011, 17:55:48 »
jerameyp *
Posts: 2

I would like to start by apologizing if this question has been asked and answered before. I looked at recent topics but I did not see anything.

We have 3 offices, each with a M0n0wall firewall system acting as the DHCP server and connected to the DSL modem. All three offices have DSL. I have fought with our DSL provider and lost; they will not assign me a static IP address without me giving up the M0n0wall firewall, so I deal with the change of IP address once a month or so.

With that out of the way, I have 3 tunnels set up - Office "A" to Office "B"; Office "A" to Office "C"; and Office "B" to Office "C". I also have a couple of users set up to connect via pptp with a username and password into Office "A".

So here is my question: is there a way to allow traffic between Office "B" & Office "C" with one tunnel set up to Office "A"?

Poorly created diagram:
  Office "B" >>tunnel>> Office "A" <<tunnel<< Office "C"
                          ^
  pptp user >>connection>>^

Under the above described diagram, the pptp user would be able to access data at Office "B" and "C", and Office "B" would be able to access data at Office "C" & the pptp user, etc.

Currently, with 3 tunnels, the only user who cannot access data at remote offices is the pptp user. The only reason I am looking for an alternative to my current setup is so that I would only need to update the IP address of Office "A" at Office "B" & "C". PPTP users use an address set up using dyndns.

I am completely prepared and understand if the answer is "not possible".

Thank you.
Jai
« Reply #1 on: March 01, 2011, 18:16:06 »
Omerik *
Posts: 35

Ciao,

I believe it must be possible by configuring the firewall rules.
https://m0nwall.address/firewall_rules.php

Once I'm connected via PPTP to my m0n0wall from the Internet, I fall in the PPTP network and I can "see" all the other networks.

Thus I expect that anybody who is linked to the m0n0wall, regardless of how they are connected, can "see" all the other networks, provided that the firewall rules are properly configured.

Dyndns is a good way to increase safety of the entire system; nobody can guess or understand the IP address of your networks.

There's no second possibility to make a good first impression.

Euro Buchberger
« Reply #2 on: March 02, 2011, 09:34:08 »
rpsmith ***
Posts: 113

You might want to check out http://forum.pfsense.org/. It's a fork of m0n0wall and supports OpenVPN, which works really well with dynamic addresses and has lots of routing options. OpenVPN will do site-to-site as well as dial-up like PPTP. Also, you will want 2.0, as the OpenVPN is much improved, or 1.2.3.

Roy...
 