Hi,
I want to do the following. My m0n0 has 3 interfaces: WAN, LAN and
VPN_subnet. I want to connect a client in my local VPN_subnet with the
VPN of my company. Generally, I have 2 ways to do that:
- VPN tunnel opened by the m0n0wall
means that the m0n0 opens the tunnel. A client or a whole subnet is
connected with the remote VPN.
- mobile client
means that a client needs a VPN client to open the tunnel, which the
m0n0 only passes through.
Is that correct?
In my current configuration the m0n0wall drops several errors, but I
don't understand them and I couldn't find an explanation of them.
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.205.27/32[0] proto=any dir=out
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.0.51/32[0] 192.168.0.0/24[0] proto=any dir=out
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.205.27/32[0] 192.168.1.1/32[0] proto=any dir=in
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.0.51/32[0] proto=any dir=in
Which policy? I didn't create any policy for this subnet. And I have to
replace it with what? I really don't understand this message.
Here is the tunnel setup; some private information was replaced:
<tunnel>
    <interface>wan</interface>
    <local-subnet>
        <address>192.168.1.1</address>
    </local-subnet>
    <remote-subnet>192.168.205.27/32</remote-subnet>
    <remote-gateway>gateway-ip-in-internet</remote-gateway>
    <p1>
        <mode>aggressive</mode>
        <myident>
            <ufqdn>x dot y at z dot de</ufqdn>
        </myident>
        <encryption-algorithm>3des</encryption-algorithm>
        <hash-algorithm>md5</hash-algorithm>
        <dhgroup>2</dhgroup>
        <lifetime/>
        <pre-shared-key>mytestkey</pre-shared-key>
        <private-key/>
        <cert/>
        <peercert/>
        <authentication_method>pre_shared_key</authentication_method>
    </p1>
    <p2>
        <protocol>esp</protocol>
        <encryption-algorithm-option>3des</encryption-algorithm-option>
        <encryption-algorithm-option>blowfish</encryption-algorithm-option>
        <encryption-algorithm-option>cast128</encryption-algorithm-option>
        <encryption-algorithm-option>rijndael</encryption-algorithm-option>
        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
        <hash-algorithm-option>hmac_md5</hash-algorithm-option>
        <pfsgroup>0</pfsgroup>
        <lifetime/>
    </p2>
    <descr>VPN</descr>
</tunnel>
192.168.1.1 is the IP of my notebook in my vpn_subnet
192.168.205.27 is my IP in the VPN net of my company
192.158.1.51 is my m0n0 in the vpn_subnet
I'd be glad for any direct help or documentation that describes my
scenario.
Thanks, Daniel
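The question "which policy?" can be answered mechanically: each pk_recvspddump() message names a source network, a destination network and a direction, and racoon installs exactly one such SPD entry per direction for every configured local-subnet/remote-subnet pair. The script below is an added example, not the poster's code and not part of m0n0wall; it parses the four log lines quoted above (re-joined onto single lines, as syslog writes them), parses the quoted <tunnel> block, and reports for each SPD entry which configured tunnel covers it. It assumes that several tunnels would be wrapped in an <ipsec> element, that a <local-subnet>/<address> without a prefix length means a single host (/32), and it also lists phase 1/2 settings in the tunnel that a reviewer would flag (aggressive mode with a pre-shared key, 3DES, MD5, PFS disabled). Entries that match no tunnel in the supplied config are reported as such rather than guessed at.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the four racoon messages quoted in the post, each
# re-joined onto a single line as syslog would have written them.
RACOON_LOG = """\
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.205.27/32[0] proto=any dir=out
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.0.51/32[0] 192.168.0.0/24[0] proto=any dir=out
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.205.27/32[0] 192.168.1.1/32[0] proto=any dir=in
racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.0.0/24[0] 192.168.0.51/32[0] proto=any dir=in
"""

# Constructed sample config: the <tunnel> from the post (crypto-relevant parts
# only), wrapped in an assumed <ipsec> element so several tunnels could be listed.
IPSEC_CONFIG = """<ipsec>
<tunnel>
<interface>wan</interface>
<local-subnet><address>192.168.1.1</address></local-subnet>
<remote-subnet>192.168.205.27/32</remote-subnet>
<remote-gateway>gateway-ip-in-internet</remote-gateway>
<p1>
<mode>aggressive</mode>
<encryption-algorithm>3des</encryption-algorithm>
<hash-algorithm>md5</hash-algorithm>
<dhgroup>2</dhgroup>
<authentication_method>pre_shared_key</authentication_method>
</p1>
<p2>
<protocol>esp</protocol>
<pfsgroup>0</pfsgroup>
</p2>
<descr>VPN</descr>
</tunnel>
</ipsec>"""

# One SPD entry: "<src>[port] <dst>[port] proto=<p> dir=<in|out>"
SPD_RE = re.compile(
    r"such policy already exists\. anyway replace it: "
    r"(?P<src>[0-9.]+/\d+)\[\d+\] (?P<dst>[0-9.]+/\d+)\[\d+\] "
    r"proto=(?P<proto>\S+) dir=(?P<dir>in|out)"
)


def parse_spd_messages(log_text):
    """Extract src/dst network, protocol and direction from pk_recvspddump() lines."""
    policies = []
    for line in log_text.splitlines():
        m = SPD_RE.search(line)
        if m:
            policies.append({
                "src": ipaddress.ip_network(m["src"]),
                "dst": ipaddress.ip_network(m["dst"]),
                "proto": m["proto"],
                "dir": m["dir"],
            })
    return policies


def _subnet(text):
    """Assumption: a bare address means a single host; '10.0.0.0/24' stays a network."""
    return ipaddress.ip_network(text.strip(), strict=False)


def load_tunnels(xml_text):
    """Read local/remote subnets and the crypto parameters from each <tunnel>."""
    tunnels = []
    for t in ET.fromstring(xml_text).iter("tunnel"):
        local = t.findtext("local-subnet/address")
        remote = t.findtext("remote-subnet")
        tunnels.append({
            "descr": t.findtext("descr") or "",
            "local": _subnet(local) if local else None,
            "remote": _subnet(remote) if remote else None,
            "p1_mode": t.findtext("p1/mode"),
            "p1_enc": t.findtext("p1/encryption-algorithm"),
            "p1_hash": t.findtext("p1/hash-algorithm"),
            "p1_auth": t.findtext("p1/authentication_method"),
            "pfsgroup": t.findtext("p2/pfsgroup"),
        })
    return tunnels


def match_policy(policy, tunnels):
    """Return the descr of the tunnel whose subnets cover this SPD entry, else None."""
    for t in tunnels:
        if t["local"] is None or t["remote"] is None:
            continue
        # "out" entries read local -> remote, "in" entries remote -> local.
        near, far = (policy["src"], policy["dst"]) if policy["dir"] == "out" \
            else (policy["dst"], policy["src"])
        if near.subnet_of(t["local"]) and far.subnet_of(t["remote"]):
            return t["descr"]
    return None


def audit_tunnel(t):
    """Flag phase 1/2 settings a defender would want changed."""
    findings = []
    if t["p1_mode"] == "aggressive" and t["p1_auth"] == "pre_shared_key":
        findings.append("aggressive mode with PSK: PSK-derived hash exchanged unencrypted, PSK exposed to offline guessing")
    if t["p1_enc"] == "3des":
        findings.append("phase 1 encryption is 3DES (deprecated)")
    if t["p1_hash"] == "md5":
        findings.append("phase 1 hash is MD5 (deprecated)")
    if t["pfsgroup"] in (None, "0"):
        findings.append("PFS disabled (pfsgroup 0): phase 2 keys derive from the phase 1 secret only")
    return findings


def report(log_text, xml_text):
    """Map every SPD entry to a tunnel (or None) and audit each tunnel."""
    tunnels = load_tunnels(xml_text)
    rows = [(str(p["src"]), str(p["dst"]), p["dir"], match_policy(p, tunnels))
            for p in parse_spd_messages(log_text)]
    return rows, {t["descr"]: audit_tunnel(t) for t in tunnels}


if __name__ == "__main__":
    rows, audits = report(RACOON_LOG, IPSEC_CONFIG)
    for src, dst, direction, who in rows:
        print(f"{direction:3} {src:>18} -> {dst:<18} tunnel: {who or 'not in supplied config'}")
    for name, findings in audits.items():
        for f in findings:
            print(f"[{name}] {f}")
```

Run against the quoted log, the two 192.168.1.1/32 <-> 192.168.205.27/32 entries map to the "VPN" tunnel shown in the post, while the two 192.168.0.51/32 <-> 192.168.0.0/24 entries match nothing in the supplied config, which is the first thing to check on the box: whether another tunnel or mobile-client definition in the full config.xml covers that pair.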