 
 From:  "Mark Spieth" <mspieth at neod dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Monowall to Monowall VPn setup
 Date:  Tue, 14 Dec 2004 12:19:54 -0500
Never mind. I figured it out. It turns out that I made the pre-shared key
"hello" just to get it up quickly. Well, it didn't like that. As soon as I
made it 8 characters long, the VPN linked right up.

Mark Spieth - Director of Internet Services

Northeast Ohio Digital Inc.

http://www.neod.net

mspieth at neod dot net

330-830-6551

 

CONFIDENTIALITY NOTICE: The materials attached hereto are confidential
and the property of the sender. The information contained in the
attached materials is privileged and/or confidential and is intended
only for the use of the above-named individual(s) or entity(ies). If you
are not the intended recipient, be advised that any unauthorized
disclosure, copying, distribution or the taking of any action in
reliance on the contents of the attached information is strictly
prohibited. If you have received this transmission in error, please
discard the information immediately


-----Original Message-----
From: Mark Spieth 
Sent: Tuesday, December 14, 2004 11:23 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Monowall to Monowall VPn setup

OK, I have no idea what is wrong here. I have done this in the past, but
for some reason this is just not working. I have 2 monowalls, and I have
verified that the information all seems to be correct for the VPNs to
link up. But I never seem to get past phase 2.

On the one side I get this.

Dec 14 12:28:10 63.147.251.220 racoon: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)
Dec 14 12:28:10 63.147.251.220 racoon: INFO: isakmp.c:1368:isakmp_open(): 63.147.251.220[500] used as isakmp port (fd=8)
Dec 14 12:28:10 63.147.251.220 racoon: INFO: isakmp.c:1368:isakmp_open(): 192.168.3.209[500] used as isakmp port (fd=9)
Dec 14 12:28:11 63.147.251.220 racoon: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA request for 65.218.1.253 queued due to no phase1 found.
Dec 14 12:28:11 63.147.251.220 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 63.147.251.220[500]<=>65.218.1.253[500]
Dec 14 12:28:11 63.147.251.220 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity Protection mode.
Dec 14 12:28:11 63.147.251.220 racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: KAME/racoon
Dec 14 12:28:11 63.147.251.220 racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: KAME/racoon
Dec 14 12:28:11 63.147.251.220 racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 63.147.251.220[500]-65.218.1.253[500] spi:63b85c6b1fda0fce:d46f361e38aafdf0
Dec 14 12:28:12 63.147.251.220 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 63.147.251.220[0]<=>65.218.1.253[0]


On the other side I get 

Dec 14 11:19:29 racoon: ERROR: isakmp.c:1063:isakmp_ph2begin_r(): failed to pre-process packet.
Dec 14 11:19:29 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo.
Dec 14 11:19:29 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo.


Any Ideas??





-----Original Message-----
From: alex wetmore [mailto:alex at phred dot org] 
Sent: Tuesday, December 14, 2004 11:04 AM
To: Bryan Catlin
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] to Wrap or to Soekris that is my question?

On Mon, 13 Dec 2004, Bryan Catlin wrote:
> We are expanding and wanting a smaller unit, instead of our normal regular
> pcs, for in the field installs.  Most will be in semi weather proof areas
> like outdoor enclosures or at least protected from the elements but not
> necessarily heat and cold.
>
> So what I want to know is, is the Wrap or Soekris board more
> flexible/reliable to use?  We may need the 3rd LAN port and have a throughput
> of about 10Mb and 45Mb in the future.

Each company makes a variety of products.  I also don't know how price
sensitive you are.

I am price sensitive (home user), which led me to purchase a WRAP.
Specifically I got the WRAP 1C-2 (3 LAN port model).  This worked great
for months, and then I ran into some stability problems.  Pascal (from
PCEngines) sent me a replacement WRAP 1D-2 which solved the problems.  The
company was very easy to work with.  I don't think that hardware failures
for the WRAP boards have been common; I only have read about one other
incident.

There isn't a completely comparable product from Soekris.  The WRAP boards
have a faster processor than all Soekris boards except for the 4801 and
4826.  The Soekris 4801 boards have some additional features over the WRAP
1D-2 such as an IDE port and USB 1.1 ports.  Neither of these is necessary
for m0n0wall, so I ignored them.

The PCEngines stuff is much cheaper than Soekris.  The Soekris 4801 is
$222 vs $147 for a WRAP 1D-2.  The cheapest Soekris is about the same
price as the WRAP 1D-2 but uses a CPU with about half of the speed.  This
is probably fine for m0n0wall today, but I preferred to have the extra
headroom.

I don't think that you can really go wrong with products from either
company; it is just a matter of comparing features to cost for your
specific application.

alex

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
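
Added example, not part of the original messages: a small Python triage helper for racoon log excerpts like the two in the VPN message above. It rejoins entries that a mail client has hard-wrapped, then reports the last negotiation stage seen and any ERROR entries with the IKE phase they belong to. The names rejoin and triage and the "IPsec-SA established" marker are assumptions of this example.

```python
import re

# Constructed sample input: entries from the racoon excerpts in the thread, hard-wrapped by mail.
INITIATOR = """\
Dec 14 12:28:11 63.147.251.220 racoon: INFO:
isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation:
63.147.251.220[500]<=>65.218.1.253[500]
Dec 14 12:28:11 63.147.251.220 racoon: INFO:
isakmp.c:2459:log_ph1established(): ISAKMP-SA established
63.147.251.220[500]-65.218.1.253[500]
spi:63b85c6b1fda0fce:d46f361e38aafdf0
Dec 14 12:28:12 63.147.251.220 racoon: INFO:
isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation:
63.147.251.220[0]<=>65.218.1.253[0]
"""
RESPONDER = """\
Dec 14 11:19:29 racoon: ERROR: isakmp.c:1063:isakmp_ph2begin_r(): failed
to pre-process packet.
Dec 14 11:19:29 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv():
failed to get sainfo.
"""

TS = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"racoon: (INFO|ERROR): (\S+\.c):\d+:(\w+)\(\): *(.*)")
# Stage markers in negotiation order; the last is an assumption (not in the page's excerpts).
STAGES = ["initiate new phase 1 negotiation", "ISAKMP-SA established",
          "initiate new phase 2 negotiation", "IPsec-SA established"]

def rejoin(text):
    """A line without a syslog timestamp continues the previous entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Return (last stage marker seen or None, [(phase, function, message)] for ERRORs)."""
    reached, errors = -1, []
    for m in filter(None, map(ENTRY.search, rejoin(text))):
        level, src, func, msg = m.groups()
        if level == "ERROR":
            # Quick Mode is IKE phase 2, so isakmp_quick.c and *ph2* functions count as phase 2.
            phase = 2 if "quick" in src or "ph2" in func else 1 if "ph1" in func else None
            errors.append((phase, func, msg))
        reached = max([reached] + [i for i, s in enumerate(STAGES) if s in msg])
    return (STAGES[reached] if reached >= 0 else None), errors
```

Run triage() on each gateway's log separately: the initiator's furthest stage and the responder's error phase together show where the negotiation stopped.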

