 From:  "Keith Redfield" <kredfield at airsurfwireless dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0 <==> m0n0 IPSEC VPN - diagnosing
 Date:  Fri, 21 Jan 2005 20:21:49 -0800

Progress! I'm no longer sad! But I have SAD - both sides.
 
However I still can't get anything through the tunnel so I'm still a little down (haha) - what did I
miss?
 
My home network is 192.168.99.x, work is 10.0.0.x, and those subnets (/24 each) are the endpoints to
the tunnel.
 
Pinging 10.0.0.1 (a Cisco) fails from both m0n0 itself and my own cpu.
 
Do I need to add a route (I thought the tunnel did that automagically)??
 
Do I need to further modify firewall rules? (thought IPSEC was transparent...?)
 
 
Here's the happier SAD:

SAD

Source         Destination    Protocol  SPI       Enc. alg.     Auth. alg.
64.81.245.97   64.81.53.41    ESP       0105023b  blowfish-cbc  hmac-md5
64.81.53.41    64.81.245.97   ESP       0c89c8ff  blowfish-cbc  hmac-md5

TIA, and maybe I'll hit the wiki up with some more 'how to troubleshoot' on this.
 
-Keith

________________________________

From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Fri 1/21/2005 2:29 PM
To: Keith Redfield
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0 <==> m0n0 IPSEC VPN - diagnosing



On Thu, 20 Jan 2005 23:36:07 -0800, Keith Redfield
<kredfield at airsurfwireless dot com> wrote:
>
> Just want to clarify- if my SAD is empty I should be sad, right? (no VPN)
>

:)  yes, that's correct. 


> I think I typo'd the remote subnet entry on the other side. Is that enough to kill the
> relationship entirely?
>

I don't believe that specific part would, but it might.  You almost
certainly have something mismatched.

-Chris