 
 From:  Bernhard Geist <Bernhard dot Geist at waldbrenner dot de>
 To:  "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPsec tunnel w/dynamic IP on one side
 Date:  Sun, 24 Apr 2005 22:33:54 +0200
Hello monowall experts,

I searched the docs, archives & the FAQ but didn't come up with a solution.
Here is my problem:
VPN IPsec tunnel between two monowalls 1.11. One side fixed IP, one side dyn
IP via PPPoE (DSL). Gateway address on the fixed-ip-monowall must be 0.0.0.0
and I don't find any possibility to set the identifier of the remote side
other than address even when using aggressive negotiation mode (preferred:
fqdn). Any help out there?

thanks in advance

Bernhard (fan of monowall for a long time) 


My actual racoon.conf's (and yes, I know they can't work, because the my and
peers identifiers don't match. But how to alter this with the web GUI? The
solution might be: 'peers_identifier fqdn "monowallBG"' on the fixed side,
but no way to enter this)
-------------------------------------------------
fixed ip (central):
path pre_shared_key "/var/etc/psk.txt";

remote 0.0.0.0 {
	exchange_mode aggressive;
	my_identifier fqdn "monowall";
	peers_identifier address 0.0.0.0;
	initial_contact on;
	support_proxy on;
	proposal_check obey;

	proposal {
		encryption_algorithm 3des;
		hash_algorithm md5;
		authentication_method pre_shared_key;
		dh_group 2;
		lifetime time 3600 secs;
	}
	lifetime time 3600 secs;
}

sainfo address 193.101.51.0/24 any address 10.104.104.0/24 any {
	encryption_algorithm 3des,blowfish,cast128,rijndael;
	authentication_algorithm hmac_md5,hmac_sha1;
	compression_algorithm deflate;
	lifetime time 3600 secs;
}
-------------------------------------------------
dyn ip monowall:
path pre_shared_key "/var/etc/psk.txt";

remote 213.30.243.133 {
	exchange_mode aggressive;
	my_identifier fqdn "monowallBG";
	peers_identifier address 213.30.243.133;
	initial_contact on;
	support_proxy on;
	proposal_check obey;

	proposal {
		encryption_algorithm 3des;
		hash_algorithm md5;
		authentication_method pre_shared_key;
		dh_group 2;
		lifetime time 3600 secs;
	}
	lifetime time 3600 secs;
}

sainfo address 10.104.104.0/24 any address 193.101.51.0/24 any {
	encryption_algorithm 3des,blowfish,cast128,rijndael;
	authentication_algorithm hmac_md5,hmac_sha1;
	compression_algorithm deflate;
	lifetime time 3600 secs;
}
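
The identifier comparison described in the message, as an added example that is not part of the original post or of m0n0wall: it reads the `my_identifier` and `peers_identifier` statements from each side's `remote` block and reports where one side's declared peer identifier differs from what the other side sends. The function names are hypothetical, the inputs are constructed from the lines posted above, and the check compares declared values only, not racoon's runtime behaviour.

```python
import re

# Constructed input: the identifier-related lines of each remote block in the post.
CENTRAL = '''remote 0.0.0.0 {
	exchange_mode aggressive;
	my_identifier fqdn "monowall";
	peers_identifier address 0.0.0.0;
}'''
DYNAMIC = '''remote 213.30.243.133 {
	exchange_mode aggressive;
	my_identifier fqdn "monowallBG";
	peers_identifier address 213.30.243.133;
}'''
# The change proposed in the post, applied to the fixed side only.
CENTRAL_PROPOSED = CENTRAL.replace(
    'peers_identifier address 0.0.0.0', 'peers_identifier fqdn "monowallBG"')

REMOTE_RE = re.compile(r'^\s*remote\s+(\S+)\s*\{', re.M)
IDENT_RE = re.compile(
    r'^\s*(my_identifier|peers_identifier)\s+(\w+)\s+"?([^";]+)"?\s*;', re.M)

def remote_ids(conf):
    """Return {remote name: {statement: (id type, value)}} for each remote block."""
    starts = [(m.start(), m.group(1)) for m in REMOTE_RE.finditer(conf)]
    blocks = {}
    for i, (pos, name) in enumerate(starts):
        # A block runs until the next "remote" statement or the end of the file.
        end = starts[i + 1][0] if i + 1 < len(starts) else len(conf)
        blocks[name] = {k: (t, v.strip()) for k, t, v in IDENT_RE.findall(conf[pos:end])}
    return blocks

def mismatches(conf_a, conf_b):
    """Compare the first remote block of each file; an empty list means agreement."""
    a = next(iter(remote_ids(conf_a).values()))
    b = next(iter(remote_ids(conf_b).values()))
    problems = []
    for label, local, peer in (("A", a, b), ("B", b, a)):
        expected = local.get("peers_identifier")
        # A side that declares no peers_identifier has nothing to compare.
        if expected is not None and expected != peer.get("my_identifier"):
            problems.append((label, expected, peer.get("my_identifier")))
    return problems

if __name__ == "__main__":
    for title, central in (("as posted", CENTRAL), ("proposed", CENTRAL_PROPOSED)):
        print(title, mismatches(central, DYNAMIC))
```

With only the fixed side changed, side B (the dynamic peer) still declares an address identifier for a peer that sends fqdn "monowall", so the check reports one remaining difference.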