On Fri, September 16, 2005 4:59 pm, Cory Strobel wrote:
>
> Do you see any SAD or SPD entries on the Diagnostics->IPSEC page on the
> monowall when you try connecting?
>
> I am not 100% sure based on the information you gave, but I believe your
> subnet masks in your spdadd entries should be something other than /32,
> likely /24. A /32 only allows access to and from a single host.
>
> Also check the racoon log file (typically /var/log/racoon) on your BSD
> box for clues, it usually will help diagnose where the problem is.

Hm. I kinda made this work, but with a little modification. I have this on my monowall:

$ cat /var/etc/racoon.conf
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";

remote 217.72.81.133 {
        exchange_mode aggressive;
        my_identifier address "A.B.C.D";
        peers_identifier address X.Y.W.Z;
        initial_contact on;
        support_proxy on;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo address 10.0.0.0/8 any address 192.168.0.1/32 any {
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;
        pfs_group 1;
}

and

spdadd 10.0.0.0/8 10.255.255.252/32 any -P in none;
spdadd 10.255.255.252/32 10.0.0.0/8 any -P out none;
spdadd 10.0.0.0/8 192.168.0.1/24 any -P out ipsec esp/tunnel/A.B.C.D-X.Y.W.Z/unique;
spdadd 192.168.0.1/24 10.0.0.0/8 any -P in ipsec esp/tunnel/X.Y.W.Z-A.B.C.D/unique;

I had to set spdadd similar to this because ipencap was not working. I was getting the sadinfo error all the time. Now I can ping those two hosts. But the problem is how to ping the entire network behind monowall. I tried with static routes but I gave up. Can anybody help with some examples? I tried with traceroute but everything stops on the router.
regards

> -----Original Message-----
> From: Uroš Gruber [mailto:uros dot gruber at vizija dot si]
> Sent: Friday, September 16, 2005 12:24 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] IPSEC with FreeBSD
>
> Hi!
>
> I'm running 1.2b10 and I would like to get monowall and my remote server
> to communicate via IPSEC VPN.
>
> I set up IPSEC with a preshared key on monowall and followed the instructions
> from
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
>
> but nothing is working. Can somebody give me some info about this?
>
> What I did:
>
> monowall has one remote address (A) and local address 10.255.255.252;
> the server has local address 192.168.0.1 and remote address (B). I set up
> monowall from the documentation (IPSEC on WAN and local is LAN); the remote
> gateway is set to address B. I also set it up to use the preshared key.
>
> Then I created gif0 on my FreeBSD and created the tunnel as I said, from the
> handbook. Then I installed racoon, created psk.txt and started racoon. I
> also set the IPSEC policy with two rules and started IPSEC.
>
> spdadd B/32 A/32 ipencap -P out ipsec esp/tunnel/B-A/require;
> spdadd A/32 B/32 ipencap -P in ipsec esp/tunnel/A-B/require;
>
> But I can't see anything working.
>
> Did I miss something?
>
> regards
>
> Uros
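The thread turns on two details of the setkey(8) policies: the /32 masks in the first attempt (Cory's point that a /32 selector matches a single host) and the 192.168.0.1/24 selector in the working set, which has host bits set and is loaded as 192.168.0.0/24. The following checker is an added example written for this page; it is not code from the mailing list, from m0n0wall or from the racoon/ipsec-tools projects. It parses spdadd lines, normalises each selector the way setkey does, flags tunnel policies whose remote selector is a single host, and verifies that every "out" policy has an "in" twin with src/dst and tunnel endpoints swapped. The sample policies are the thread's own lines with the placeholders A.B.C.D / X.Y.W.Z (and A / B) replaced by RFC 5737 documentation addresses, an assumption made only so the parser sees valid IPv4 literals.

```python
"""Sanity checks for setkey(8) spdadd policies (added example, IPv4 only)."""
import ipaddress

# Constructed samples: the thread's spdadd lines with placeholder endpoints
# replaced by documentation addresses (assumption): monowall WAN A.B.C.D / A
# -> 192.0.2.1, FreeBSD server X.Y.W.Z / B -> 198.51.100.1.
WORKING_SPD = """
spdadd 10.0.0.0/8 10.255.255.252/32 any -P in none;
spdadd 10.255.255.252/32 10.0.0.0/8 any -P out none;
spdadd 10.0.0.0/8 192.168.0.1/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/unique;
spdadd 192.168.0.1/24 10.0.0.0/8 any -P in ipsec esp/tunnel/198.51.100.1-192.0.2.1/unique;
"""

ORIGINAL_SPD = """
spdadd 198.51.100.1/32 192.0.2.1/32 ipencap -P out ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;
spdadd 192.0.2.1/32 198.51.100.1/32 ipencap -P in ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
"""


def parse_spd(text):
    """Parse 'spdadd SRC DST PROTO -P DIR POLICY...;' lines into dicts.

    Selectors are normalised as setkey loads them: a prefix with host bits
    set (192.168.0.1/24) becomes its network (192.168.0.0/24).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip().rstrip(";").strip()
        if not line.startswith("spdadd"):
            continue
        fields = line.split()
        if len(fields) < 7 or fields[4] != "-P":
            raise ValueError(f"unrecognised spdadd syntax: {raw!r}")
        _, src, dst, proto, _flag, direction, *policy = fields
        entry = {
            "src": src, "dst": dst, "proto": proto, "direction": direction,
            "src_net": ipaddress.ip_network(src, strict=False),
            "dst_net": ipaddress.ip_network(dst, strict=False),
            "policy": " ".join(policy), "tunnel": None,
        }
        # 'esp/tunnel/LOCAL-REMOTE/LEVEL' -> (local, remote, level)
        for token in policy:
            if token.startswith(("esp/tunnel/", "ah/tunnel/")):
                _p, _mode, endpoints, level = token.split("/")
                local, remote = endpoints.split("-")
                entry["tunnel"] = (local, remote, level)
        entries.append(entry)
    return entries


def _mirror(tunnel):
    """Tunnel spec expected on the opposite-direction policy (endpoints swapped)."""
    if tunnel is None:
        return None
    local, remote, level = tunnel
    return (remote, local, level)


def check_spd(entries):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []

    def note(msg):
        if msg not in findings:
            findings.append(msg)

    for e in entries:
        for literal, net in ((e["src"], e["src_net"]), (e["dst"], e["dst_net"])):
            if "/" in literal and literal != str(net):
                note(f"{literal}: host bits set, setkey will load it as {net}")
        if e["tunnel"] is not None:
            # For an 'out' policy the remote side is dst; for 'in' it is src.
            remote_sel = e["dst_net"] if e["direction"] == "out" else e["src_net"]
            if remote_sel.prefixlen == remote_sel.max_prefixlen:
                note(f"{e['direction']} tunnel policy matches only the single "
                     f"remote host {remote_sel}; a whole subnet needs a wider mask")

    # Policies are normally written as in/out pairs; an 'out' without a twin
    # whose selectors and tunnel endpoints are swapped is usually a typo.
    ins = [e for e in entries if e["direction"] == "in"]
    for o in (e for e in entries if e["direction"] == "out"):
        twin = any(
            i["src_net"] == o["dst_net"] and i["dst_net"] == o["src_net"]
            and i["proto"] == o["proto"]
            and i["tunnel"] == _mirror(o["tunnel"])
            and (i["tunnel"] is not None or i["policy"] == o["policy"])
            for i in ins
        )
        if not twin:
            note(f"no matching 'in' policy for: spdadd {o['src']} {o['dst']} "
                 f"{o['proto']} -P out {o['policy']}")
    return findings


def run():
    """Check both constructed samples; returns {name: findings}."""
    return {name: check_spd(parse_spd(txt))
            for name, txt in (("working", WORKING_SPD), ("original", ORIGINAL_SPD))}


if __name__ == "__main__":
    for name, found in run().items():
        print(f"== {name} ==")
        for f in found or ["no findings"]:
            print(" -", f)
```

On the working set the only finding is the 192.168.0.1/24 selector (loaded as 192.168.0.0/24, which is what actually makes the far LAN reachable); on the original /32 pair the checker reports, for each direction, that only the single remote host is covered, which is the mask problem Cory described.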