 From:  "Keith Redfield" <kredfield at airsurfwireless dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0 <==> m0n0 IPSEC VPN - diagnosing
 Date:  Fri, 21 Jan 2005 20:21:49 -0800
Progress! I'm no longer sad! But I have SAD - both sides.
However I still can't get anything through the tunnel so I'm still a little down (haha) - what did I
My home network is 192.168.99.x work is 10.0.0.x and those subnets (/24 each) are the endpoints to
the tunnel. 
Pinging (a Cisco) fails from both m0n0 itself and my own cpu.
Do I need to add a route (I thought the tunnel did that automagically)??
Do I need to further modify firewall rules? (thought IPSEC was transparent...?)
Here's the happier SAD:

SAD

Source  Destination  Protocol  SPI       Enc. alg.     Auth. alg.
                     ESP       0105023b  blowfish-cbc  hmac-md5
                     ESP       0c89c8ff  blowfish-cbc  hmac-md5
TIA, and maybe I'll hit the wiki up with some more 'how to troubleshoot' on this. 


From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Fri 1/21/2005 2:29 PM
To: Keith Redfield
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0 <==> m0n0 IPSEC VPN - diagnosing

On Thu, 20 Jan 2005 23:36:07 -0800, Keith Redfield
<kredfield at airsurfwireless dot com> wrote:
> Just want to clarify- if my SAD is empty I should be sad, right? (no VPN)

:)  yes, that's correct. 

> I think I typo'd the remote subnet entry on the other side. Is that enough to kill the
> relationship entirely?

I don't believe that specific part would, but it might.  You almost
certainly have something mismatched.