Ok, I remembered something. When using 'road-warriors', you need to
configure them to use aggressive instead of main mode. Once I changed
that, my tunnel came up at once.
Thanks for your help guys.
JSimoneau at lmtcs dot com wrote:
> As long as you have a static IP on one side of the tunnel, you can do
> ipsec fine.
> When setting up the two monowall boxes on either side, one of them will be
> using the "tunnels" tab of the ipsec configuration. The other side will be
> using the "mobile clients" and "pre-shared key" tab.
> In your case, you would want the central office with the static IP to be
> set up with the "mobile clients" and "pre-shared key" tabs. Notice that
> this part of the configuration does not require a static IP to be input
> anywhere. This side of the tunnel authenticates using an identifier and
> pre-shared key. As an identifier, use something other than the IP
> address. I suggest using the 'domain name' option and using a random
> domain name. This domain name does NOT need to resolve to a particular IP
> address, it is simply an identifier used for the connection. You can use
> monowallisgreat.com as long as it is consistent on both ends.
> On the remote side(s) you want to set up the "tunnels" part of the ipsec
> configuration. In this part you need to enter an IP for the remote
> gateway, which will be the static IP of the central office monowall. Make
> sure the pre-shared keys are the same on either end.
> That's it, let me know if you need more help.
> - Josh
> -----Original Message-----
> From: jftheroux at privalodc dot com [mailto:jftheroux at privalodc dot com]
> Sent: Wednesday, December 22, 2004 10:53 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] IPsec tunnels question
> Maybe it's the lack of sleep, or might just be that m0n0wall can't
> do this. I'm not sure, so I turn to you all knowledgeable people for this.
> Say that you have your central office, which has obviously a
> static public IP. It will be the main hub for several IPsec tunnels to
> remote offices. Problem is, those remote offices don't have static IPs.
> When you configure a tunnel in m0n0wall, you don't have a choice,
> you need to enter a static IP for the remote gateway. If I could enter a
> FQDN, I could use a dyndns.org setup and it'd be fine. Which I can't, as
> far as I can see.
> So, is there a workaround for this with m0n0wall? Or, sadly, will
> I have to use a different solution. Don't talk about OpenVPN. This was
> already rejected, client wants an IPsec solution, or takes his business
> Jean-Francois Theroux
> Systems administrator