[ previous ] [ next ] [ threads ]
 From:  "Tixe Exit" <tixe at tixe dot com dot ar>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RW: [m0n0wall] possible IPSEC-Bug in 1.2b3? please verify if possible
 Date:  Fri, 21 Jan 2005 14:34:51 -0300
How you resolved, the thing that the into the Statica m0n0 put the IP from
the dynamic (when the dynamic change every N Times ).

I tried to run IPSec into m0n0 from dynamic to dynamic, and i can't do that,
an from static to dynamic the same thing, only i can do work static to
static, ( i do no tryied to work with ipsec with mobile clients, for that i
use PPPTP ).


-----Original Message-----
From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de]
Sent: Friday, January 21, 2005 2:23 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] possible IPSEC-Bug in 1.2b3? please verify if possible


I have 2 m0n0s running with pppoe-connection, one with static IP, one with
dynamic IP.
I configured an IPSEC, the static one is accepting mobile clients, the
dynamic one is tunnelling to the static IP. The problem is the following:
The dynamic m0n0wall tries to authenticate but doesn´t get the phase 1 up
(time up waiting for key). The logs of the static m0n0 show, that the
of the dynamic m0n0 comes in, after that it tries to generate a key which
exits with an error and the key isn´t send. Sometimes the process succeeds
but it is most common, that the next keyexchange fails then (the
reauthorisation after the lifetime has expired).
I downgraded first the dynamic m0n0 to 1.11 with no success, still the same
errors. After that I downgraded the static m0n0 to 1.11 and since this there
were no problems with the tunnel any more. The config.xml is still the same,
as I only downgraded the firmware of the running system without changing
something. So I don´t think that there was something missconfigured and I
checked the configuration several times.
Unfortunately I haven´t saved the logs but maybe this information is enough
to trace down the error. If not please contact me and I´ll upgrade to 1.2b3
again to save some logs (I don´t have the time to do so, but if it is
absolutely necessary to trace down the error I´ll do it although I don´t
know when).

Kind regards,
Holger Bauer

Virus checked by G DATA AntiVirusKit