 From:  Jean-Francois Theroux <jftheroux at privalodc dot com>
 To:  JSimoneau at lmtcs dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPsec tunnels question
 Date:  Wed, 22 Dec 2004 13:37:20 -0500
Ok, I remembered something. When using 'road-warriors', you need to 
configure them to use aggressive instead of main mode. Once I changed 
that, my tunnel came up at once.

Silly me.

Thanks for your help guys.


JSimoneau at lmtcs dot com wrote:
> Jean-Francois,
> As long as you have a static IP on one side of the tunnel, you can do
> ipsec fine.
> When setting up the two monowall boxes on either side, one of them will be
> using the "tunnels" tab of the ipsec configuration. The other side will be
> using the "mobile clients" and "pre-shared key" tab. 
> In your case, you would want the central office with the static IP to be
> set up with the "mobile clients" and "pre-shared key" tabs. Notice that
> this part of the configuration does not require a static IP to be input
> anywhere. This side of the tunnel authenticates using an identifier and
> pre-shared key.  As an identifier, use something other than the IP
> address. I suggest using the 'domain name' option and using a random
> domain name. This domain name does NOT need to resolve to a particular IP
> address, it is simply an identifier used for the connection. You can use
> monowallisgreat.com as long as it is consistent on both ends.
> On the remote side(s) you want to set up the "tunnels" part of the ipsec
> configuration.  In this part you need to enter an IP for the remote
> gateway, which will be the static IP of the central office monowall. Make
> sure the pre-shared keys are the same on either end.
> That's it, let me know if you need more help.
> - Josh
> -----Original Message-----
> From: jftheroux at privalodc dot com [mailto:jftheroux at privalodc dot com] 
> Sent: Wednesday, December 22, 2004 10:53 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] IPsec tunnels question
> Hello,
> 	Maybe it's the lack of sleep, or might just be that m0n0wall can't
> do this. I'm not sure, so I turn to you all knowledgeable people for this.
> 	Say that you have your central office, which has obviously a
> static public IP. It will be the main hub for several IPsec tunnels to
> remote offices. Problem is, those remote offices don't have static IPs.
> 	When you configure a tunnel in m0n0wall, you don't have a choice,
> you need to enter a static IP for the remote gateway. If I could enter a
> FQDN, I could use a dyndns.org setup and it'd be fine. Which I can't, as
> far as I can see.
> 	So, is there a workaround for this with m0n0wall? Or, sadly, will
> I have to use a different solution. Don't talk about OpenVPN. This was
> already rejected, client wants an IPsec solution, or takes his business
> elsewhere.
> Thanks,
> --
> Jean-Francois Theroux
> Systems administrator
> 514.726.3732
> PrivalODC
> http://www.privalodc.com

Jean-Francois Theroux
Systems administrator
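
Added example, not part of the original messages and not configuration generated by m0n0wall: the setup described in this thread written out in ipsec-tools racoon.conf syntax, to show why the dynamic-IP peers need aggressive mode. The address 203.0.113.10, the proposal algorithms and the key placeholder are assumptions; monowallisgreat.com is the identifier suggested in the thread.

```conf
# ---- Central office (static IP 203.0.113.10, constructed) -------------
# Corresponds to the "mobile clients" + "pre-shared key" tabs:
# no peer address is configured, peers are recognised by identifier.
remote anonymous {
    # Main mode with a pre-shared key encrypts the identity payload
    # with a key derived from the PSK, so the responder has to pick the
    # PSK from the peer's source IP. A peer on a dynamic IP cannot be
    # looked up that way. Aggressive mode sends the identifier in the
    # first message, so the PSK can be selected by identifier instead.
    exchange_mode aggressive;
    passive on;              # only answer; remote offices initiate
    generate_policy on;      # create the policy from the peer's request
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
# psk.txt on the central office (identifier, then key):
#   monowallisgreat.com   <long-random-pre-shared-key>
# Aggressive mode exposes the identifier in clear and a hash derived
# from the PSK to anyone who can start an exchange, so the key should
# be long and random, and unique per remote office.

# ---- Remote office (dynamic IP) ---------------------------------------
# Corresponds to the "tunnels" tab: remote gateway = central static IP.
remote 203.0.113.10 {
    exchange_mode aggressive;            # must match the central office
    my_identifier fqdn "monowallisgreat.com";   # need not resolve in DNS
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
# psk.txt on the remote office (peer address, then the same key):
#   203.0.113.10   <long-random-pre-shared-key>
```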