 From:  sylikc <sylikc at gmail dot com>
 To:  Abdul Aziz <aaziz at justbooking dot com>
 Cc:  Raphael Maunier <raphael at maunier dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] vpn problem(safenet)
 Date:  Mon, 14 Mar 2005 19:08:33 -0800
Aziz,


On Fri, 11 Mar 2005 10:21:35 +0100, Raphael Maunier <raphael at maunier dot net> wrote:
> You can't connect to a monowall with an ipsec client without a public ip
> address. This has already been asked (and tested).
> You can only use PPTP with a NATed connection.

Actually, I have been able to successfully connect IPSec behind a
NATed box.  m0n0wall does support the NAT traversal I think.  However,
there are several factors that could be preventing you from making a
successful connection.


> Abdul Aziz wrote:
> >lan# 192.168.1.188
> >lan port attached 1 pc IP#192.168.1.20 & GATEWAY#192.168.1.188
> >
> >
> >safenet settings:
> >IP ADDRESS#192.168.1.21

For starters, looking at your configuration, your LAN IP is
192.168.1.188/24 and your remote network is 192.168.1.21/24.

You cannot connect to a remote IPSec network if your LAN and the
remote LAN overlap (or, in this case, are exactly the same:
192.168.1.0/24).  First fix this and then try again.  If you can't
control the network assignments on either network, then you're out of
luck; it won't work regardless.


Secondly, there are quite a few other things that could be preventing
you from connecting to the remote network.  For example, some ISPs
will block the ports used to connect to VPN (ex. UDP 500, etc).  If
you are using satellite, I'm aware most satellite providers block GRE
unless you get premium service.  GRE is a required protocol used in
IPSec connections which gives it out-of-band capabilities.  If your ISP
blocks GRE, on either side of the VPN link, you're also out of luck.

Lastly, check your NAT router on the side that has the private IP. 
That router must have VPN passthrough capability (most recent ones
do).  Some require you to explicitly enable the ability on the router
settings.


Try those and see if it works.  I've gotten Safenet 9.2.1 to work
successfully from a NATed XP box to a remote m0n0wall via IPSec
between two cable ISPs.


/sylikc
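
The subnet overlap check described in the reply above, as an added example that is not part of the original post or of m0n0wall: it takes the two addresses quoted in the thread, derives the network each belongs to, and reports how the local and remote LANs relate before a tunnel is configured. The function names and the extra tunnel entries are hypothetical and constructed for illustration.

```python
import ipaddress

def network_of(addr_with_prefix):
    """Network that a host address such as '192.168.1.188/24' belongs to."""
    return ipaddress.ip_interface(addr_with_prefix).network

def classify(local, remote):
    """Relation between the local LAN and the remote LAN of one tunnel.

    Two CIDR networks either nest or are disjoint, so these cases are complete.
    """
    a, b = network_of(local), network_of(remote)
    if a.version != b.version:
        return "disjoint"          # IPv4 and IPv6 never collide
    if a == b:
        return "identical"
    if a.subnet_of(b):
        return "local-inside-remote"
    if b.subnet_of(a):
        return "remote-inside-local"
    return "disjoint"

def conflicting_tunnels(local, tunnels):
    """Return (name, remote network, relation) for every tunnel that overlaps."""
    found = []
    for name, remote in tunnels.items():
        relation = classify(local, remote)
        if relation != "disjoint":
            found.append((name, str(network_of(remote)), relation))
    return found

# Local LAN address from the thread.
LOCAL_LAN = "192.168.1.188/24"

# First entry uses the SafeNet address from the thread; the rest are constructed.
TUNNELS = {
    "safenet-client": "192.168.1.21/24",
    "branch-a": "10.20.0.0/16",        # constructed sample
    "branch-b": "192.168.0.0/16",      # constructed sample
}

if __name__ == "__main__":
    for name, net, relation in conflicting_tunnels(LOCAL_LAN, TUNNELS):
        print(f"{name}: remote {net} is {relation} with {network_of(LOCAL_LAN)}")
```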