Re: [m0n0wall] IPsec

From:	Chris Buechler <cbuechler at gmail dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] IPsec
Date:	Mon, 22 Nov 2004 21:22:35 -0500

On Sat, 20 Nov 2004 22:30:46 -0500 (EST), Seth Rothenberg
<seth at pachai dot net> wrote:
> I am trying to set up an IPSec tunnel between my two m0n0's.
> Both m0n0's seem to be fully-functioning, and they can ping each other.
> I followed the guide in the m0n0-manual, and this is what I got:
> (IP addresses changed to protect the hacker-wanna-be's from themselves)
> 
> IPSec on 216.216.216.216
> LAN               WAN
> 10.248.56.0/24       64.64.64.64      aggressive    3DES   MD5
> 
> IPSec on 64.64.64.64
>  LAN                 WAN
> 10.248.126.0/24     216.216.216.216    aggressive   3DES   MD5
> 
> I tried pinging 10.248.126.2 from 64, and 10.248.56.1 from 216,
> and got no answer (100% loss) - it did not complain about no route.
> 
> Diagnostics/IPSec shows nothing under SAD


Something in the IPsec negotiations is failing if you have nothing in
your SAD.  Check your logs (Diagnostics -> System logs) to see what's
going on.  You almost certainly have something mismatched.  Double
check your settings.

-Chris