[ previous ] [ next ] [ threads ]
 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  possible IPSEC-Bug in 1.2b3? please verify if possible
 Date:  Fri, 21 Jan 2005 18:22:54 +0100
I have 2 m0n0s running with pppoe-connection, one with static IP, one with dynamic IP. 
I configured an IPSEC, the static one is accepting mobile clients, the dynamic one is tunnelling to
the static IP. The problem is the following:
The dynamic m0n0wall tries to authenticate but doesn´t get the phase 1 up (time up waiting for key).
The logs of the static m0n0 show, that the request
of the dynamic m0n0 comes in, after that it tries to generate a key which exits with an error and
the key isn´t send. Sometimes the process succeeds 
but it is most common, that the next keyexchange fails then (the reauthorisation after the lifetime
has expired).
I downgraded first the dynamic m0n0 to 1.11 with no success, still the same errors. After that I
downgraded the static m0n0 to 1.11 and since this there
were no problems with the tunnel any more. The config.xml is still the same, as I only downgraded
the firmware of the running system without changing
something. So I don´t think that there was something missconfigured and I checked the configuration
several times.
Unfortunately I haven´t saved the logs but maybe this information is enough to trace down the error.
If not please contact me and I´ll upgrade to 1.2b3 
again to save some logs (I don´t have the time to do so, but if it is absolutely necessary to trace
down the error I´ll do it although I don´t know when).
Kind regards,
Holger Bauer

Virus checked by G DATA AntiVirusKit