 From:  "Cory Strobel" <corys at medican dot com>
 To:  Uroš Gruber <uros dot gruber at vizija dot si>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC with FreeBSD
 Date:  Fri, 16 Sep 2005 08:59:15 -0600
Do you see any SAD or SPD entries on the Diagnostics->IPSEC page on the monowall when you try
connecting?

I am not 100% sure based on the information you gave, but I believe your subnet masks in your spdadd
entries should be something other than /32, likely /24. A /32 only allows access to and from a
single host.

Also check the racoon log file (typically /var/log/racoon) on your BSD box for clues; it will
usually help diagnose where the problem is.

-Cory


-----Original Message-----

Sent: Friday, September 16, 2005 12:24 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] IPSEC with FreeBSD

Hi!

I'm running 1.2b10 and I would like to get monowall and my remote server to communicate via IPSEC
VPN.

I set up IPSEC with a preshared key on monowall and followed the instructions from

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

but nothing is working. Can somebody give me some info about this?

What I did:

monowall has one remote address (A) and local address 10.255.255.252; the server has local address
192.168.0.1 and remote address (B). I set up monowall from the documentation (IPSEC on WAN and local is
LAN); the remote gateway is set to address B. I also set it up to use a preshared key.

Then I created gif0 on my FreeBSD and created the tunnel as described in the handbook. Then I installed racoon,
created psk.txt and started racoon.
I also set the IPSEC policy with two rules and started IPSEC.

spdadd B/32 A/32 ipencap -P out ipsec
   esp/tunnel/B-A/require;
spdadd A/32 B/32 ipencap -P in ipsec
   esp/tunnel/A-B/require;

But I can't see anything working.

Did I miss something?

regards

Uros
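
Added example, not part of either message: a Python check of the point in Cory's reply that a /32 selector covers a single host. It parses spdadd statements of the form quoted above and tests whether traffic between two LAN hosts falls under a policy. The gateway addresses, the /24 masks and the `any` upper-layer spec are assumptions; only 192.168.0.1 and 10.255.255.252 come from the thread.

```python
import ipaddress
import re

# Constructed input: A=203.0.113.1 and B=198.51.100.2 are documentation addresses.
HOST_ONLY = """
spdadd 198.51.100.2/32 203.0.113.1/32 ipencap -P out ipsec
   esp/tunnel/198.51.100.2-203.0.113.1/require;
spdadd 203.0.113.1/32 198.51.100.2/32 ipencap -P in ipsec
   esp/tunnel/203.0.113.1-198.51.100.2/require;
"""
# Assumption: /24 LANs behind each gateway and upper-layer spec "any".
SUBNETS = """
spdadd 192.168.0.0/24 10.255.255.0/24 any -P out ipsec
   esp/tunnel/198.51.100.2-203.0.113.1/require;
spdadd 10.255.255.0/24 192.168.0.0/24 any -P in ipsec
   esp/tunnel/203.0.113.1-198.51.100.2/require;
"""

SPDADD = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+"
    r"esp/tunnel/(?P<gw_src>[^-/\s]+)-(?P<gw_dst>[^/\s]+)/require"
)

def parse_policies(text):
    """Return one dict per spdadd statement (statements end with ';')."""
    policies = []
    for stmt in text.split(";"):
        m = SPDADD.search(" ".join(stmt.split()))  # fold continuation lines
        if m:
            p = m.groupdict()
            p["src"] = ipaddress.ip_network(p["src"], strict=False)
            p["dst"] = ipaddress.ip_network(p["dst"], strict=False)
            policies.append(p)
    return policies

def matching_policy(policies, direction, src, dst):
    """First policy whose address selectors cover src -> dst, else None.
    Only addresses are compared; the upper-layer protocol is not evaluated."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == direction and src in p["src"] and dst in p["dst"]:
            return p
    return None

def host_only_selectors(policies):
    """Selectors that cover exactly one address, as a /32 does."""
    return [str(n) for p in policies for n in (p["src"], p["dst"])
            if n.num_addresses == 1]
```

With the host-only policies, `matching_policy(parse_policies(HOST_ONLY), "out", "192.168.0.1", "10.255.255.252")` returns `None`, while the same call on `SUBNETS` returns the outbound policy.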
