Topic: m0n0 to m0n0 VPN can't ping remote hosts [SOLVED]  (Read 3689 times)
« on: May 31, 2007, 22:11:13 »
mlabenda *
Posts: 25

Hey there

I have a m0n0 to m0n0 VPN setup (Version 1.231),
both sites static IP.

Subnet A 192.168.178.0/24 (Soekris 4801)
Subnet B 172.16.32.0/21 (Soekris 4501)

I can go from Subnet A to the m0n0wall in Subnet B (172.16.32.4),
but I can't get to any other host in Subnet B like 172.16.32.1 or 20.

Any idea?
« Last Edit: June 01, 2007, 11:56:09 by mlabenda »
« Reply #1 on: June 01, 2007, 00:10:45 »
darklogic *
Posts: 45

First question,

Do all of your hosts have their gateway pointing to the monowall box? If not, the only clients that will show will be the ones that have their gateway set to look at the monowall box. Change the gateway of a few hosts and then try pinging them.

Note that you are changing the host gateway to the LAN interface of the firewall.

If you are doing DHCP they should already route themselves to the firewall.

Hope this resolves what you are seeing.
« Reply #2 on: June 01, 2007, 09:20:11 »
socate *
Posts: 13

Detail a little bit more! What parameters do you use on the VPN? From where do you ping? What rules did you create for the VPN?
« Reply #3 on: June 01, 2007, 10:08:05 »
mlabenda *
Posts: 25

On Subnet A (192.168.178.0/24) I use DHCP and every host does get the m0n0wall as GW.
The other network does not use DHCP and the GW for the hosts is a different one.
« Reply #4 on: June 01, 2007, 10:44:30 »
socate *
Posts: 13

Not LAN parameters...IPSec parameters!

After you create the tunnel, see the IPSec status and check if it's OK! After that, create a rule that allows the LANs to communicate with one another. Without this rule you will not be able to ping from one host to another!
« Reply #5 on: June 01, 2007, 11:55:45 »
mlabenda *
Posts: 25

@ socate
The VPN tunnel works fine.

Since 172.16.32.4 is NOT the default GW in Subnet B, I just add a route on the remote host I want to talk to:

route add -net 192.168.178.0/24 gw 172.16.32.4 -p

and it works.

« Reply #6 on: June 01, 2007, 12:40:19 »
socate *
Posts: 13

Normally each subnet has a default GW! You can specify the default route there and you don't need to add a Windows command line on each computer. It is simpler... but it's your decision.

If I understand well, m0n0 is the GW, so you need to have the tunnel up and rules created on each GW that allow access on all ports from lannet to the remote LAN. For me it works very well this way.
« Reply #7 on: June 02, 2007, 14:13:53 »
mlabenda *
Posts: 25

The tunnel works fine, just the m0n0wall in the remote subnet is NOT the default GW in the remote subnet (B).
Looks like the hosts don't take the correct return route.

The default GW in Subnet B is 172.16.32.1, but m0n0's IP is 172.16.32.4.
I could set a route on the remote subnet GW to 192.168.178.0/24, but I don't want that.

Anyway, thanks for the help.
It works as I need it.
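
Added example, not part of any post in this thread: a small longest-prefix-match model of the return path discussed above, showing why replies from a Subnet B host miss the tunnel until a route to 192.168.178.0/24 exists on the host or on the default gateway. The addresses come from the thread; the client 192.168.178.10, the "upstream" hop and all function names are constructed for illustration.

```python
import ipaddress

SUBNET_A = "192.168.178.0/24"   # remote LAN behind the tunnel
SUBNET_B = "172.16.32.0/21"     # local LAN of the host being pinged
M0N0_B = "172.16.32.4"          # m0n0wall in Subnet B (IPsec endpoint)
DEFAULT_GW_B = "172.16.32.1"    # Subnet B's existing default gateway
HOST_B = "172.16.32.20"         # host in Subnet B that did not answer
ON_LINK = "on-link"             # marker for directly connected networks

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def build_tables(host_route=False, gw_route=False):
    """Constructed routing tables; 'upstream' stands for the ISP side."""
    host = [(SUBNET_B, ON_LINK), ("0.0.0.0/0", DEFAULT_GW_B)]
    gw = [(SUBNET_B, ON_LINK), ("0.0.0.0/0", "upstream")]
    if host_route:                      # the per-host fix from Reply #5
        host.append((SUBNET_A, M0N0_B))
    if gw_route:                        # the alternative named in Reply #7
        gw.append((SUBNET_A, M0N0_B))
    return {HOST_B: host, DEFAULT_GW_B: gw}

def return_path(tables, start, dst, max_hops=8):
    """Follow a reply hop by hop until it reaches the m0n0wall or leaves the model."""
    path, node = [start], start
    for _ in range(max_hops):
        if node == M0N0_B or node not in tables:
            break
        hop = next_hop(tables[node], dst)
        if hop in (None, ON_LINK):
            break
        path.append(hop)
        node = hop
    return path

def reply_enters_tunnel(tables, dst="192.168.178.10"):
    """True only if the reply is handed to the m0n0wall, which owns the IPsec policy."""
    return return_path(tables, HOST_B, dst)[-1] == M0N0_B

if __name__ == "__main__":
    for name, kw in [("no extra route", {}), ("route on host", {"host_route": True}),
                     ("route on default GW", {"gw_route": True})]:
        t = build_tables(**kw)
        print(f"{name:20} {' -> '.join(return_path(t, HOST_B, '192.168.178.10'))}")
```

The m0n0wall at 172.16.32.4 answers pings even without the extra route because it is the tunnel endpoint itself and does not depend on any other host's routing table.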
