[ previous ] [ next ] [ threads ]
 
 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>, <tixe at tixe dot com dot ar>
 Subject:  AW: [m0n0wall] possible IPSEC-Bug in 1.2b3? please verify if possible
 Date:  Fri, 21 Jan 2005 18:42:43 +0100 
As I have to connect two networks and not only one client to a network pptp 
doesn´t work for me in this situation. And with 1.11 and the same 
configuration everything works fine, so it IS possible. The IP of the
dynamic side changes every 24 hours, so it is not an option to run this as 
"pseudo-static" and I don´t want to have to do administration for this
from time to time either. I think something must have changed from 1.11
to 1.2b3 causing the failure as it is running with 1.11.

-----Ursprüngliche Nachricht-----
Von: Tixe Exit [mailto:tixe at tixe dot com dot ar] 
Gesendet: Freitag, 21. Januar 2005 18:35
An: m0n0wall at lists dot m0n0 dot ch
Betreff: RW: [m0n0wall] possible IPSEC-Bug in 1.2b3? please verify if possible


How you resolved, the thing that the into the Statica m0n0 put the IP from
the dynamic (when the dynamic change every N Times ).

I tried to run IPSec into m0n0 from dynamic to dynamic, and i can't do that,
an from static to dynamic the same thing, only i can do work static to
static, ( i do no tryied to work with ipsec with mobile clients, for that i
use PPPTP ).

Tixe

-----Original Message-----
From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de]
Sent: Friday, January 21, 2005 2:23 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] possible IPSEC-Bug in 1.2b3? please verify if possible

Hi,

I have 2 m0n0s running with pppoe-connection, one with static IP, one with
dynamic IP.
I configured an IPSEC, the static one is accepting mobile clients, the
dynamic one is tunnelling to the static IP. The problem is the following:
The dynamic m0n0wall tries to authenticate but doesn´t get the phase 1 up
(time up waiting for key). The logs of the static m0n0 show, that the
request
of the dynamic m0n0 comes in, after that it tries to generate a key which
exits with an error and the key isn´t send. Sometimes the process succeeds
but it is most common, that the next keyexchange fails then (the
reauthorisation after the lifetime has expired).
I downgraded first the dynamic m0n0 to 1.11 with no success, still the same
errors. After that I downgraded the static m0n0 to 1.11 and since this there
were no problems with the tunnel any more. The config.xml is still the same,
as I only downgraded the firmware of the running system without changing
something. So I don´t think that there was something missconfigured and I
checked the configuration several times.
Unfortunately I haven´t saved the logs but maybe this information is enough
to trace down the error. If not please contact me and I´ll upgrade to 1.2b3
again to save some logs (I don´t have the time to do so, but if it is
absolutely necessary to trace down the error I´ll do it although I don´t
know when).

Kind regards,
Holger Bauer




____________
Virus checked by G DATA AntiVirusKit




---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch



____________
Virus checked by G DATA AntiVirusKit
Version: AVK 15.0.2562 from 21.01.2005
Virus news: www.antiviruslab.com

____________
Virus checked by G DATA AntiVirusKit