[ previous ] [ next ] [ threads ]
 From:  "Abdul Aziz" <aaziz at justbooking dot com>
 To:  <sylikc at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] vpn problem(safenet)error
 Date:  Thu, 17 Mar 2005 02:29:04 -0500 (GMT+5)
Dear Sir,

I have changed safenet IP #,connection stablish, in firewall
rule all(*) ports allow  but problem still here such error produce

"racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such policy does not
already exist:[0][0] proto=any dir=out"

remote computer ping getway# & also firewall interface allow
for remote client but not ping lan#  interface


Abdul Aziz

> On Fri, 11 Mar 2005 10:21:35 +0100, Raphael Maunier
> <raphael at maunier dot net> wrote:
>> You can't connect to a monowall with an ipsec client without a public
>> ip address. This have already been asked (and tested).
>> You can only use pptp with a nated cnx.
> Actually, I have been able to successfully connect IPSec behind a
> NATed box.  m0n0wall does support the NAT traversal I think.  However,
> there are several factors that could be preventing you from making a
> successful connection.
>> Abdul Aziz wrote:
>> >lan#
>> >lan port attached 1 pc IP# & GATEWAY#
>> >
>> >
>> >safenet settings:
> For starters, looking at your configuration, your LAN IP is
> and your remote network is
> You cannot connect to a remote IPSec network if your LAN and the
> remote LAN overlap (or in this case, exactly the same:
>  First fix this and then try again.  If you can't
> control the network assignments on either network, then you're out of
> luck, it won't work regardless.
> Secondly, there are quite a few other things that could be preventing
> you from connecting to the remote network.  For example, some ISP's
> will block the ports used to connect to VPN (ex. UDP 500, etc).  If you
> are using satellite, I'm aware most satellite providers block GRE
> unless you get premium service.  GRE is a required protocol used in
> IPSec connections with gives it out-of-band capabilities.  If your ISP
> blocks GRE, on either side of the VPN link, you're also out of luck.
> Lastly, check your NAT router on the side that has the private IP.
> That router must have VPN passthrough capability (most recent ones do).
>  Some require you to explicitly enable the ability on the router
> settings.
> Try those and see if it works.  I've gotten Safenet 9.2.1 to work
> successfully from a NATed XP box to a remote m0n0wall via IPSec
> between two cable ISPs.
> /sylikc