Progress! I'm no longer sad! But I have SAD - both sides.
However I still can't get anything through the tunnel so I'm still a little down (haha) - what did I
My home network is 192.168.99.x work is 10.0.0.x and those subnets (/24 each) are the endpoints to
Pinging 10.0.0.1 (a cisco) fails from both m0n0 itself and my own cpu.
Do I need to add a route (I thought the tunnel did that automagically)??
Do I need to further modify firewall rules? (thought IPSEC was transparent...?)
Here's the happier SAD
Source Destination Protocol SPI Enc. alg. Auth. alg.
220.127.116.11 18.104.22.168 ESP 0105023b blowfish-cbc hmac-md5
22.214.171.124 126.96.36.199 ESP 0c89c8ff blowfish-cbc hmac-md5
TIA, and maybe I'll hit the wiki up with some more 'how to troubleshoot' on this.
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Fri 1/21/2005 2:29 PM
To: Keith Redfield
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0 <==> m0n0 IPSEC VPN - diagnosing
On Thu, 20 Jan 2005 23:36:07 -0800, Keith Redfield
<kredfield at airsurfwireless dot com> wrote:
> Just want to clarify- if my SAD is empty I should be sad, right? (no VPN)
:) yes, that's correct.
> I think I typo'd the remote subnet entry on the other side. Is that enough to kill the
I don't believe that specific part would, but it might. You almost
certainly have something mismatched.