I have changed safenet IP # 18.104.22.168,connection stablish, in firewall
rule all(*) ports allow but problem still here such error produce
"racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such policy does not
already exist: 22.214.171.124/32 126.96.36.199/32 proto=any dir=out"
remote computer ping getway#188.8.131.52 & also firewall interface allow
for remote client but not ping lan#192.168.1.20 interface
> On Fri, 11 Mar 2005 10:21:35 +0100, Raphael Maunier
> <raphael at maunier dot net> wrote:
>> You can't connect to a monowall with an ipsec client without a public
>> ip address. This have already been asked (and tested).
>> You can only use pptp with a nated cnx.
> Actually, I have been able to successfully connect IPSec behind a
> NATed box. m0n0wall does support the NAT traversal I think. However,
> there are several factors that could be preventing you from making a
> successful connection.
>> Abdul Aziz wrote:
>> >lan# 192.168.1.188
>> >lan port attached 1 pc IP#192.168.1.20 & GATEWAY#192.168.1.188
>> >safenet settings:
>> >IP ADDRESS#192.168.1.21
> For starters, looking at your configuration, your LAN IP is
> 192.168.1.188/24 and your remote network is 192.168.1.21/24
> You cannot connect to a remote IPSec network if your LAN and the
> remote LAN overlap (or in this case, exactly the same:
> 192.168.1.0/24). First fix this and then try again. If you can't
> control the network assignments on either network, then you're out of
> luck, it won't work regardless.
> Secondly, there are quite a few other things that could be preventing
> you from connecting to the remote network. For example, some ISP's
> will block the ports used to connect to VPN (ex. UDP 500, etc). If you
> are using satellite, I'm aware most satellite providers block GRE
> unless you get premium service. GRE is a required protocol used in
> IPSec connections with gives it out-of-band capabilities. If your ISP
> blocks GRE, on either side of the VPN link, you're also out of luck.
> Lastly, check your NAT router on the side that has the private IP.
> That router must have VPN passthrough capability (most recent ones do).
> Some require you to explicitly enable the ability on the router
> Try those and see if it works. I've gotten Safenet 9.2.1 to work
> successfully from a NATed XP box to a remote m0n0wall via IPSec
> between two cable ISPs.