 
 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  New release and IPSec problem
 Date:  Mon, 3 Nov 2003 10:38:06 -0500
I think I found a problem with the new release and IPSec.  I had a working
IPSec config with version 18.  I upgraded to 19, and it still works except I
can only communicate with people on the other LANs, but if they try to
communicate with me, no go.  They can ping my LAN interface, and that's it.
Here is a copy of cat /var/etc/racoon.conf.  This config was working
perfectly with the old version.  Could this be a firewall issue considering
the changes made to that?  I tried putting allows for all traffic to and
from 192.168.0.0, but no luck.

Chris
# Pre-shared keys for every remote peer are read from this file; it holds
# secrets, so its permissions must restrict it to the racoon user.
path pre_shared_key "/var/etc/psk.txt";

# Phase 1 (IKE/ISAKMP) settings for peer 24.187.115.86.
remote 24.187.115.86 {
    # Main mode: identities are exchanged only after the DH exchange is encrypted.
    exchange_mode main;
    # Own identity is the public address; note it is quoted here while
    # peers_identifier is not — both forms are presumably accepted, verify.
    my_identifier address "24.190.174.211";
    peers_identifier address 24.187.115.86;
    # Send INITIAL-CONTACT so the peer discards stale SAs from an earlier session.
    initial_contact on;
    # NOTE(review): support_proxy lets the phase 2 IDs differ from the
    # negotiating addresses — confirm the peer side depends on this.
    support_proxy on;
    # obey: as responder, accept the initiator's proposed parameters
    # (e.g. lifetime) instead of insisting on the local ones — confirm intended.
    proposal_check obey;
    proposal {
        # 3DES / MD5 / DH group 2 with PSK authentication.  MD5 and the
        # 1024-bit group 2 are weak by current standards; raise them when
        # the peer can negotiate a SHA-based hash and a larger DH group.
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        # Phase 1 SA lifetime: 24 hours.
        lifetime time 86400 secs;
    }
    lifetime time 86400 secs;
}

# Phase 2 (IPsec SA) policy: local 192.168.2.0/24 <-> remote 192.168.4.0/24,
# any protocol/port; presumably negotiated via the preceding remote block.
sainfo address 192.168.2.0/24 any address 192.168.4.0/24 any {
    encryption_algorithm 3des;
    # HMAC-MD5 integrity — weak by current standards, upgrade when the peer allows.
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    # PFS group must match what the peer offers (the remote blocks use dh_group 2).
    pfs_group 2;
    # Phase 2 SA lifetime: 24 hours.
    lifetime time 86400 secs;
}

# Phase 1 (IKE/ISAKMP) settings for peer 24.185.231.163.
remote 24.185.231.163 {
    # Main mode: identities are exchanged only after the DH exchange is encrypted.
    exchange_mode main;
    my_identifier address "24.190.174.211";
    peers_identifier address 24.185.231.163;
    # Send INITIAL-CONTACT so the peer discards stale SAs from an earlier session.
    initial_contact on;
    # NOTE(review): support_proxy lets the phase 2 IDs differ from the
    # negotiating addresses — confirm the peer side depends on this.
    support_proxy on;
    # obey: as responder, accept the initiator's proposed parameters — confirm intended.
    proposal_check obey;
    proposal {
        # 3DES / MD5 / DH group 2 with PSK authentication; MD5 and group 2
        # are weak by current standards, raise them when the peer permits.
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        # Phase 1 SA lifetime: 24 hours.
        lifetime time 86400 secs;
    }
    lifetime time 86400 secs;
}

# Phase 2 (IPsec SA) policy: local 192.168.2.0/24 <-> remote 192.168.3.0/24,
# any protocol/port; presumably negotiated via the preceding remote block.
sainfo address 192.168.2.0/24 any address 192.168.3.0/24 any {
    encryption_algorithm 3des;
    # HMAC-MD5 integrity — weak by current standards, upgrade when the peer allows.
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    # PFS group must match what the peer offers (the remote blocks use dh_group 2).
    pfs_group 2;
    # Phase 2 SA lifetime: 24 hours.
    lifetime time 86400 secs;
}

# Phase 1 (IKE/ISAKMP) settings for peer 24.190.161.244.
# NOTE(review): an identical remote block for this same address appears a
# second time later in the file (just before the 192.168.6.0/24 sainfo).
# racoon selects remote sections by peer address, so one copy is redundant
# and may be ignored or produce a warning — confirm in the racoon log and
# keep a single block; both sainfo entries for this peer can share it.
remote 24.190.161.244 {
    # Main mode: identities are exchanged only after the DH exchange is encrypted.
    exchange_mode main;
    my_identifier address "24.190.174.211";
    peers_identifier address 24.190.161.244;
    # Send INITIAL-CONTACT so the peer discards stale SAs from an earlier session.
    initial_contact on;
    # NOTE(review): support_proxy lets the phase 2 IDs differ from the
    # negotiating addresses — confirm the peer side depends on this.
    support_proxy on;
    # obey: as responder, accept the initiator's proposed parameters — confirm intended.
    proposal_check obey;
    proposal {
        # 3DES / MD5 / DH group 2 with PSK authentication; MD5 and group 2
        # are weak by current standards, raise them when the peer permits.
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        # Phase 1 SA lifetime: 24 hours.
        lifetime time 86400 secs;
    }
    lifetime time 86400 secs;
}

# Phase 2 (IPsec SA) policy: local 192.168.2.0/24 <-> remote 192.168.1.0/24,
# any protocol/port; presumably negotiated via the preceding remote block.
sainfo address 192.168.2.0/24 any address 192.168.1.0/24 any {
    encryption_algorithm 3des;
    # HMAC-MD5 integrity — weak by current standards, upgrade when the peer allows.
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    # PFS group must match what the peer offers (the remote blocks use dh_group 2).
    pfs_group 2;
    # Phase 2 SA lifetime: 24 hours.
    lifetime time 86400 secs;
}

# Phase 1 (IKE/ISAKMP) settings for peer 24.184.150.82.
remote 24.184.150.82 {
    # Main mode: identities are exchanged only after the DH exchange is encrypted.
    exchange_mode main;
    my_identifier address "24.190.174.211";
    peers_identifier address 24.184.150.82;
    # Send INITIAL-CONTACT so the peer discards stale SAs from an earlier session.
    initial_contact on;
    # NOTE(review): support_proxy lets the phase 2 IDs differ from the
    # negotiating addresses — confirm the peer side depends on this.
    support_proxy on;
    # obey: as responder, accept the initiator's proposed parameters — confirm intended.
    proposal_check obey;
    proposal {
        # NOTE(review): single DES (56-bit) is the only cipher offered here,
        # unlike the 3DES used for every other peer.  Single DES is
        # brute-forceable and should be moved to 3DES or a stronger cipher
        # as soon as this peer can negotiate it.
        encryption_algorithm des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        # Phase 1 SA lifetime: 24 hours.
        lifetime time 86400 secs;
    }
    lifetime time 86400 secs;
}

# Phase 2 (IPsec SA) policy: local 192.168.2.0/24 <-> remote 192.168.5.0/24,
# any protocol/port; presumably negotiated via the preceding remote block.
sainfo address 192.168.2.0/24 any address 192.168.5.0/24 any {
    # NOTE(review): single DES for the data traffic — brute-forceable; the
    # only sainfo in this file not using 3DES.  Upgrade when the peer allows.
    encryption_algorithm des;
    # HMAC-MD5 integrity — weak by current standards, upgrade when the peer allows.
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    # PFS group must match what the peer offers (the remote blocks use dh_group 2).
    pfs_group 2;
    # Phase 2 SA lifetime: 24 hours.
    lifetime time 86400 secs;
}

# Phase 1 (IKE/ISAKMP) settings for peer 24.190.161.244.
# NOTE(review): this is a second, identical remote block for an address
# that already has one earlier in the file (just before the 192.168.1.0/24
# sainfo).  racoon selects remote sections by peer address, so one copy is
# redundant and may be ignored or produce a warning — confirm in the racoon
# log and keep a single block; both sainfo entries for this peer can share it.
remote 24.190.161.244 {
    # Main mode: identities are exchanged only after the DH exchange is encrypted.
    exchange_mode main;
    my_identifier address "24.190.174.211";
    peers_identifier address 24.190.161.244;
    # Send INITIAL-CONTACT so the peer discards stale SAs from an earlier session.
    initial_contact on;
    # NOTE(review): support_proxy lets the phase 2 IDs differ from the
    # negotiating addresses — confirm the peer side depends on this.
    support_proxy on;
    # obey: as responder, accept the initiator's proposed parameters — confirm intended.
    proposal_check obey;
    proposal {
        # 3DES / MD5 / DH group 2 with PSK authentication; MD5 and group 2
        # are weak by current standards, raise them when the peer permits.
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        # Phase 1 SA lifetime: 24 hours.
        lifetime time 86400 secs;
    }
    lifetime time 86400 secs;
}

# Phase 2 (IPsec SA) policy: local 192.168.2.0/24 <-> remote 192.168.6.0/24,
# any protocol/port; presumably served by the same peer (24.190.161.244) as
# the 192.168.1.0/24 sainfo — a single remote block suffices for both.
sainfo address 192.168.2.0/24 any address 192.168.6.0/24 any {
    encryption_algorithm 3des;
    # HMAC-MD5 integrity — weak by current standards, upgrade when the peer allows.
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    # PFS group must match what the peer offers (the remote blocks use dh_group 2).
    pfs_group 2;
    # Phase 2 SA lifetime: 24 hours.
    lifetime time 86400 secs;
}

# Phase 1 (IKE/ISAKMP) settings for peer 207.198.250.254.  This is the only
# peer negotiated with DH group 5 (1536-bit); the matching sainfo uses pfs_group 5.
remote 207.198.250.254 {
    # Main mode: identities are exchanged only after the DH exchange is encrypted.
    exchange_mode main;
    my_identifier address "24.190.174.211";
    peers_identifier address 207.198.250.254;
    # Send INITIAL-CONTACT so the peer discards stale SAs from an earlier session.
    initial_contact on;
    # NOTE(review): support_proxy lets the phase 2 IDs differ from the
    # negotiating addresses — confirm the peer side depends on this.
    support_proxy on;
    # obey: as responder, accept the initiator's proposed parameters — confirm intended.
    proposal_check obey;
    proposal {
        # 3DES / MD5 / DH group 5 with PSK authentication; MD5 is weak by
        # current standards, raise it when the peer can negotiate a SHA-based hash.
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 5;
        # Phase 1 SA lifetime: 24 hours.
        lifetime time 86400 secs;
    }
    lifetime time 86400 secs;
}

# Phase 2 (IPsec SA) policy: local 192.168.2.0/24 <-> remote 172.16.0.0/16,
# any protocol/port; presumably negotiated via the preceding remote block
# (the only one using dh_group 5, matching pfs_group 5 below).
sainfo address 192.168.2.0/24 any address 172.16.0.0/16 any {
    # Ordered list of acceptable ciphers; the peer's proposal decides which
    # is used.  Single DES is still on the list and can be negotiated down
    # to — drop it once the peer is known to support the stronger options.
    encryption_algorithm des,3des,blowfish,cast128,rijndael;
    # HMAC-MD5 integrity — weak by current standards, upgrade when the peer allows.
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    pfs_group 5;
    # Phase 2 SA lifetime: 24 hours.
    lifetime time 86400 secs;
}