I tried RTFM and much Googling, but we are still stuck.
Both machines report an established SAD; however, the Monowall (Soekris,
1.2b7) does not show a route for the remote subnet, and there is no gif
interface on the Monowall for the tunnel (does Monowall not use a gif
interface?).
Are we missing something on the Monowall config?
<ipsec>
  <enable/>
  <tunnel>
    <auto/>
    <interface>wan</interface>
    <local-subnet>
      <network>lan</network>
    </local-subnet>
    <remote-subnet>10.0.0.0/24</remote-subnet>
    <remote-gateway>x.x.x.x</remote-gateway>
    <p1>
      <mode>main</mode>
      <myident>
        <fqdn>zzz.dns2go.com</fqdn>
      </myident>
      <encryption-algorithm>blowfish</encryption-algorithm>
      <hash-algorithm>sha1</hash-algorithm>
      <dhgroup>2</dhgroup>
      <lifetime>28800</lifetime>
      <pre-shared-key>***************</pre-shared-key>
    </p1>
    <p2>
      <protocol>esp</protocol>
      <encryption-algorithm-option>blowfish</encryption-algorithm-option>
      <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
      <hash-algorithm-option>hmac_md5</hash-algorithm-option>
      <pfsgroup>2</pfsgroup>
      <lifetime>86400</lifetime>
    </p2>
    <descr>Educomp</descr>
  </tunnel>
</ipsec>
(remote-gateway and pre-shared-key have been sanitized)
Also, is there any way to use a x509 certificate for Phase 1 identification?
BTW, been using Monowall for almost a year as a general firewall at home
with virtually no issues - very stable!
Thanks,
Jack
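An added example, not part of Jack's post or of the m0n0wall project: a small Python script that reads a tunnel definition in the m0n0wall XML shape shown above and renders it as the kernel SPD policies that a KAME/racoon-style IPsec stack works from. The point it illustrates is that a policy-based tunnel of this kind lives in the security policy database rather than in the routing table or on a gif interface, which is why neither shows up for the tunnel. The embedded XML is a constructed copy of the posted tunnel with the sanitized remote gateway and pre-shared key replaced by labelled placeholders; the WAN address, the subnet that the "lan" keyword resolves to, and the exact setkey syntax are assumptions. The script also lists the phase 1 and phase 2 algorithm choices (blowfish, hmac_md5) that a reviewer would flag as legacy on a current deployment.

```python
"""Render an m0n0wall-style <ipsec> tunnel as setkey SPD policies and flag
legacy algorithms.  Added example, not m0n0wall code.  The XML below is a
constructed copy of the posted tunnel; sanitized values are placeholders."""
import xml.etree.ElementTree as ET

# Assumption: the m0n0wall "lan" keyword resolves to this subnet on the box.
INTERFACE_SUBNETS = {"lan": "192.168.1.0/24"}
WAN_ADDRESS = "198.51.100.2"       # constructed (RFC 5737 documentation range)
REMOTE_GATEWAY = "203.0.113.9"     # constructed placeholder for x.x.x.x

SAMPLE_CONFIG = f"""<ipsec>
 <enable/>
 <tunnel>
  <auto/>
  <interface>wan</interface>
  <local-subnet><network>lan</network></local-subnet>
  <remote-subnet>10.0.0.0/24</remote-subnet>
  <remote-gateway>{REMOTE_GATEWAY}</remote-gateway>
  <p1>
   <mode>main</mode>
   <myident><fqdn>zzz.dns2go.com</fqdn></myident>
   <encryption-algorithm>blowfish</encryption-algorithm>
   <hash-algorithm>sha1</hash-algorithm>
   <dhgroup>2</dhgroup>
   <lifetime>28800</lifetime>
   <pre-shared-key>PLACEHOLDER-PSK</pre-shared-key>
  </p1>
  <p2>
   <protocol>esp</protocol>
   <encryption-algorithm-option>blowfish</encryption-algorithm-option>
   <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
   <hash-algorithm-option>hmac_md5</hash-algorithm-option>
   <pfsgroup>2</pfsgroup>
   <lifetime>86400</lifetime>
  </p2>
  <descr>Educomp</descr>
 </tunnel>
</ipsec>"""

# Ciphers and MACs a reviewer would flag on a current deployment.
LEGACY = {"blowfish", "des", "3des", "hmac_md5", "md5"}


def parse_tunnels(xml_text):
    """Return one dict per <tunnel> with the fields needed to build SPD policies."""
    root = ET.fromstring(xml_text)
    tunnels = []
    for t in root.findall("tunnel"):
        local = t.find("local-subnet")
        if local.find("network") is not None:
            local_net = INTERFACE_SUBNETS[local.findtext("network")]
        else:
            local_net = local.findtext("address")  # assumption: explicit CIDR form
        tunnels.append({
            "descr": t.findtext("descr"),
            "local": local_net,
            "remote": t.findtext("remote-subnet"),
            "gateway": t.findtext("remote-gateway"),
            "p1_enc": t.findtext("p1/encryption-algorithm"),
            "p1_hash": t.findtext("p1/hash-algorithm"),
            "p2_proto": t.findtext("p2/protocol"),
            "p2_enc": [e.text for e in t.findall("p2/encryption-algorithm-option")],
            "p2_hash": [e.text for e in t.findall("p2/hash-algorithm-option")],
        })
    return tunnels


def spd_policies(tunnel, wan_address):
    """setkey 'spdadd' lines for a tunnel-mode ESP policy (assumed KAME syntax).
    The kernel matches local->remote traffic against the SPD and encapsulates it
    toward the peer; no route and no gif interface are created for this."""
    proto = tunnel["p2_proto"]
    out_line = (f"spdadd {tunnel['local']} {tunnel['remote']} any -P out ipsec "
                f"{proto}/tunnel/{wan_address}-{tunnel['gateway']}/require;")
    in_line = (f"spdadd {tunnel['remote']} {tunnel['local']} any -P in ipsec "
               f"{proto}/tunnel/{tunnel['gateway']}-{wan_address}/require;")
    return [out_line, in_line]


def legacy_findings(tunnel):
    """List each phase 1 / phase 2 algorithm choice that is a legacy cipher or MAC."""
    findings = []
    for phase, algs in (("p1", [tunnel["p1_enc"], tunnel["p1_hash"]]),
                        ("p2", tunnel["p2_enc"] + tunnel["p2_hash"])):
        for alg in algs:
            if alg in LEGACY:
                findings.append(f"{phase}: {alg}")
    return findings


if __name__ == "__main__":
    for tun in parse_tunnels(SAMPLE_CONFIG):
        print(f"# {tun['descr']}")
        print("\n".join(spd_policies(tun, WAN_ADDRESS)))
        for finding in legacy_findings(tun):
            print("legacy algorithm:", finding)
```

Run stand-alone, the script prints the two policy lines for the Educomp tunnel followed by the three legacy findings (blowfish in phase 1, blowfish and hmac_md5 in phase 2). Because the tunnel is expressed as matching policies rather than as a route, checking whether it is in place means inspecting the SPD and the SAD, not the routing table or the interface list.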