 From:  "Abdul Aziz" <aaziz at justbooking dot com>
 To:  <sylikc at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] vpn problem(safenet)error
 Date:  Thu, 17 Mar 2005 02:29:04 -0500 (GMT+5)
Dear Sir,

I have changed the SafeNet IP # 202.115.10.1, the connection is established,
and in the firewall rule all (*) ports are allowed, but the problem is still
here and this error is produced:

"racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such policy does not
already exist: 202.115.10.1/32[0] 200.115.10.1/32[0] proto=any dir=out"

The remote computer can ping gateway #200.115.10.51, and the firewall interface
is also allowed for the remote client, but it cannot ping the LAN #192.168.1.20
interface.

Regards:

Abdul Aziz

> Aziz,
>
>
> On Fri, 11 Mar 2005 10:21:35 +0100, Raphael Maunier
> <raphael at maunier dot net> wrote:
>> You can't connect to a monowall with an ipsec client without a public
>> ip address. This has already been asked (and tested).
>> You can only use pptp with a nated cnx.
>
> Actually, I have been able to successfully connect IPSec behind a
> NATed box.  m0n0wall does support the NAT traversal I think.  However,
> there are several factors that could be preventing you from making a
> successful connection.
>
>
>> Abdul Aziz wrote:
>> >lan# 192.168.1.188
>> >lan port attached 1 pc IP#192.168.1.20 & GATEWAY#192.168.1.188
>> >
>> >
>> >safenet settings:
>> >IP ADDRESS#192.168.1.21
>
> For starters, looking at your configuration, your LAN IP is
> 192.168.1.188/24 and your remote network is 192.168.1.21/24
>
> You cannot connect to a remote IPSec network if your LAN and the
> remote LAN overlap (or in this case, exactly the same:
> 192.168.1.0/24).  First fix this and then try again.  If you can't
> control the network assignments on either network, then you're out of
> luck, it won't work regardless.
>
>
> Secondly, there are quite a few other things that could be preventing
> you from connecting to the remote network.  For example, some ISPs
> will block the ports used to connect to VPN (ex. UDP 500, etc).  If you
> are using satellite, I'm aware most satellite providers block GRE
> unless you get premium service.  GRE is a required protocol used in
> IPSec connections which gives it out-of-band capabilities.  If your ISP
> blocks GRE, on either side of the VPN link, you're also out of luck.
>
> Lastly, check your NAT router on the side that has the private IP.
> That router must have VPN passthrough capability (most recent ones do).
>  Some require you to explicitly enable the ability on the router
> settings.
>
>
> Try those and see if it works.  I've gotten Safenet 9.2.1 to work
> successfully from a NATed XP box to a remote m0n0wall via IPSec
> between two cable ISPs.
>
>
> /sylikc
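
The subnet-overlap point in the reply above, as an added example that is not part of the original messages: a Python pre-flight check that derives each side's network from its interface address and reports an overlap, plus a parser for the selector pair in the racoon error line quoted in the thread. The function names are hypothetical, the /24 prefix is the one stated in the reply, and 192.168.50.21/24 is a constructed counter-example.

```python
import ipaddress
import re

# Selector pair as printed in the racoon error quoted in the thread:
# "<src>/<len>[port] <dst>/<len>[port] proto=<p> dir=<d>"
SPD_RE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+/\d+)\[\d+\]\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+/\d+)\[\d+\]\s+"
    r"proto=(?P<proto>\S+)\s+dir=(?P<dir>\w+)"
)

def network_of(addr_with_prefix):
    """Return the network an interface address belongs to (host bits dropped)."""
    return ipaddress.ip_interface(addr_with_prefix).network

def tunnel_overlap(local_lan, remote_lan):
    """Return (overlaps, local_net, remote_net) for the two sides of a tunnel."""
    a, b = network_of(local_lan), network_of(remote_lan)
    return a.overlaps(b), a, b

def parse_spd_selectors(log_line):
    """Extract src/dst/proto/dir from a racoon SPD error line, or None."""
    m = SPD_RE.search(log_line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_network(m["src"], strict=False),
        "dst": ipaddress.ip_network(m["dst"], strict=False),
        "proto": m["proto"],
        "dir": m["dir"],
    }

def selectors_inside(selectors, lan):
    """Report whether each selector falls inside the given LAN."""
    net = network_of(lan)
    return {k: selectors[k].subnet_of(net) for k in ("src", "dst")}

if __name__ == "__main__":
    # Addresses from the thread: both sides resolve to 192.168.1.0/24.
    print(tunnel_overlap("192.168.1.188/24", "192.168.1.21/24"))
    # Constructed counter-example: remote LAN renumbered to a distinct /24.
    print(tunnel_overlap("192.168.1.188/24", "192.168.50.21/24"))
    line = ("racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such policy does not "
            "already exist: 202.115.10.1/32[0] 200.115.10.1/32[0] proto=any dir=out")
    sel = parse_spd_selectors(line)
    print(sel, selectors_inside(sel, "192.168.1.188/24"))
```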