News: This forum is now permanently frozen.
Topic: Ipsec access from internet
Ipsec access from internet
« on: December 19, 2011, 06:35:21 »
melbmoon
Posts: 5
Hi,
I have VPN IPsec set up and running properly.
I can ping and RDP between computers in each site.
My question is: how can the server behind Site A be accessed using the WAN IP address of Site B?
Any help would be highly appreciated.
My scenario is attached below.
[Attachment: mono.jpg]
« Last Edit: December 19, 2011, 06:52:55 by melbmoon »
Re: Ipsec access from internet
« Reply #1 on: December 19, 2011, 14:33:21 »
Fred Grayson
Posts: 994
Have you tried adding a NAT and firewall rule from the WAN IP of site B to 192.168.1.2?
I doubt it would work, but worth a try.
--
Google is your friend and Bob's your uncle.
Re: Ipsec access from internet
« Reply #2 on: December 20, 2011, 01:56:37 »
melbmoon
Posts: 5
Hi Fred,
I have tried adding the following firewall rules and NAT, but it does not work. I might have set something wrong?
Is there something I have to do with the NAT Outbound?
192.168.10.111 is the web server instead of 192.168.1.2 in the diagram above.
[Attachments: Firewall IPSec.JPG, Firewall Lan.JPG, Firewall WAN.JPG, NAT inbound.JPG]
« Last Edit: December 20, 2011, 02:15:23 by melbmoon »
Re: Ipsec access from internet
« Reply #3 on: December 20, 2011, 02:05:48 »
Fred Grayson
Posts: 994
I didn't think it would work, but was worth a try. I don't have any other suggestions for you, sorry.
There are some very knowledgeable people here; if it can be done and they see this thread, you'll get an answer.
--
Google is your friend and Bob's your uncle.
Re: Ipsec access from internet
« Reply #4 on: December 20, 2011, 02:17:32 »
melbmoon
Posts: 5
Is this my answer in the handbook?
15.29. Can I forward broadcasts over VPN for gaming or other purposes?
Not yet. OpenVPN will make this possible in the future.
Re: Ipsec access from internet
« Reply #5 on: December 20, 2011, 02:22:57 »
Fred Grayson
Posts: 994
I don't think so. That refers to having things like Windows file sharing having visible workgroup computers. That requires broadcasts to work.
--
Google is your friend and Bob's your uncle.
Re: Ipsec access from internet
« Reply #6 on: December 20, 2011, 02:34:50 »
melbmoon
Posts: 5
Thanks Fred,
I have set up the static routes as in the screenshot and have the firewall log as below, while I have already added this rule on the LAN:
Proto: TCP | Source: * | Port: * | Destination: 192.168.10.111 | Port: 80 (HTTP) | Description:
Did I miss something?
[Attachments: Static Routes.JPG, Firewall Logs.JPG]
Re: Ipsec access from internet
« Reply #7 on: January 13, 2012, 00:50:26 »
brushedmoss
Posts: 446
I don't think this is achievable; IPsec tunnels are based on rules of traffic coming in from a LAN interface and trying to reach the opposite LAN.
In your scenario, even with NAT, your packet doesn't leave the LAN to re-enter it (and then enter the VPN). You would need a reverse proxy on the LAN, I think.
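
The following is an added illustration, not part of any post in this thread: a simplified Python model of the tunnel policy matching described in the last reply, showing why a WAN port forward at Site B does not put the packet into the tunnel while a reverse proxy on the Site B LAN does. Only 192.168.10.111 comes from the thread; the subnets, the WAN address, the client and the proxy address are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Assumed addressing (constructed): only 192.168.10.111 comes from the thread.
SITE_B_LAN = ip_network("192.168.20.0/24")   # assumed Site B LAN
SITE_A_LAN = ip_network("192.168.10.0/24")   # assumed Site A LAN holding the web server
SITE_B_WAN = "198.51.100.10"                 # constructed WAN address of Site B
WEB_SERVER = "192.168.10.111"

# One tunnel policy as seen from Site B: local subnet -> remote subnet.
SPD = [(SITE_B_LAN, SITE_A_LAN)]

def inbound_nat(pkt):
    """Port forward on the Site B WAN: only the destination is rewritten."""
    if pkt.dst == SITE_B_WAN and pkt.dport == 80:
        return Packet(pkt.src, WEB_SERVER, pkt.dport)
    return pkt

def matches_tunnel(pkt):
    """True only if source AND destination both fall inside one policy."""
    return any(ip_address(pkt.src) in local and ip_address(pkt.dst) in remote
               for local, remote in SPD)

def via_reverse_proxy(pkt, proxy_ip="192.168.20.5"):
    """A proxy on the Site B LAN opens its own connection to the server."""
    return Packet(proxy_ip, WEB_SERVER, pkt.dport)

def trace():
    client = Packet("203.0.113.50", SITE_B_WAN, 80)  # constructed internet client
    return {
        # Ordinary site-to-site traffic, which the original poster says works.
        "lan_host": matches_tunnel(Packet("192.168.20.7", WEB_SERVER, 80)),
        # After the port forward the source is still the public client address.
        "nat_forward": matches_tunnel(inbound_nat(client)),
        # The proxy's connection is sourced from inside the Site B LAN.
        "reverse_proxy": matches_tunnel(via_reverse_proxy(client)),
    }

if __name__ == "__main__":
    for path, tunneled in trace().items():
        print(f"{path:14} -> {'enters tunnel' if tunneled else 'no policy match'}")
```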