 From:  Ian Cartwright <ian351c at cox dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  ipf and IPSEC
 Date:  Wed, 31 Dec 2003 17:23:22 -0700
Hello all,

I set up a m0n0wall box today and I am having issues with IPSEC. I am
able to configure an IPSEC tunnel and configure rules that allow traffic
through the tunnel, however, I do not receive a response from any hosts
on the other side of the tunnel.

I've had similar issues before on FreeBSD with ipf/ipnat and KAME. Has
anyone else experienced issues with using ipf/ipnat and IPSEC tunnels on
m0n0wall?

Here is some info that should be relevant:

Firewall log:

My host is 192.168.0.104, the m0n0wall box is 192.168.0.100 and the
destination host is 199.62.136.45

23:58:25.554460 rl0 @-1:-1 p 192.168.0.100 -> 192.168.0.104 PR icmp len 20 56 icmp redirect/host for 192.168.0.104,55401 - 199.62.136.45,22 PR tcp len 20 60 K-S K-F OUT
23:58:25.554160 rl0 @100:2 p 192.168.0.104,55401 -> 199.62.136.45,22 PR tcp len 20 60 -S K-S K-F IN
23:58:01.552416 rl0 @-1:-1 p 192.168.0.100 -> 192.168.0.104 PR icmp len 20 56 icmp redirect/host for 192.168.0.104,55401 - 199.62.136.45,22 PR tcp len 20 60 K-S K-F OUT
23:58:01.552162 rl0 @100:2 p 192.168.0.104,55401 -> 199.62.136.45,22 PR tcp len 20 60 -S K-S K-F IN
23:57:49.551396 rl0 @-1:-1 p 192.168.0.100 -> 192.168.0.104 PR icmp len 20 56 icmp redirect/host for 192.168.0.104,55401 - 199.62.136.45,22 PR tcp len 20 60 K-S K-F OUT
23:57:49.551171 rl0 @100:2 p 192.168.0.104,55401 -> 199.62.136.45,22 PR tcp len 20 60 -S K-S K-F IN

Racoon log (shows the tunnel is up):
racoon: INFO: pfkey.c:1357:pk_recvadd(): IPsec-SA established:
ESP/Tunnel 68.227.xxx.xxx->199.64.xxx.xxx spi=126522906(0x78a961a)
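Added example, not part of the original post or of m0n0wall: a small Python parser for ipmon-format lines like the ones quoted above. It pairs each ICMP redirect the firewall emitted with the passed inbound flow echoed inside it, so that tunnel-bound flows the firewall answered with a redirect can be picked out of a larger log. The sample log is constructed from the entries in the post, and the field layout the regexes assume is taken from those lines only.

```python
import re

# Constructed sample log, copied in shape from the ipmon entries quoted in the post.
SAMPLE_LOG = """\
23:58:25.554460 rl0 @-1:-1 p 192.168.0.100 -> 192.168.0.104 PR icmp len 20 56 icmp redirect/host for 192.168.0.104,55401 - 199.62.136.45,22 PR tcp len 20 60 K-S K-F OUT
23:58:25.554160 rl0 @100:2 p 192.168.0.104,55401 -> 199.62.136.45,22 PR tcp len 20 60 -S K-S K-F IN
23:58:01.552416 rl0 @-1:-1 p 192.168.0.100 -> 192.168.0.104 PR icmp len 20 56 icmp redirect/host for 192.168.0.104,55401 - 199.62.136.45,22 PR tcp len 20 60 K-S K-F OUT
23:58:01.552162 rl0 @100:2 p 192.168.0.104,55401 -> 199.62.136.45,22 PR tcp len 20 60 -S K-S K-F IN
"""

# Layout assumed from the lines in the post (an assumption, not the full ipmon grammar):
#   time iface @group:rule action src -> dst PR proto len hdrlen pktlen [details] IN|OUT
ENTRY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+) @(?P<rule>-?\d+:-?\d+) (?P<action>\S) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\w+) len \d+ \d+ ?"
    r"(?P<rest>.*?)\s*(?P<dir>IN|OUT)$"
)
# The original flow echoed inside an ICMP redirect: "... for A,pa - B,pb PR tcp ..."
REDIRECT_RE = re.compile(
    r"icmp redirect/\w+ for (?P<isrc>\S+) - (?P<idst>\S+) PR (?P<iproto>\w+)"
)


def parse_entry(line):
    """Parse one ipmon line into a dict; 'redirect' holds the echoed (src, dst, proto)
    for ICMP redirect entries and None otherwise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["redirect"] = None
    if entry["proto"] == "icmp":
        r = REDIRECT_RE.search(entry["rest"])
        if r:
            entry["redirect"] = (r["isrc"], r["idst"], r["iproto"])
    return entry


def redirected_passed_flows(log_text):
    """Flows that ipf passed inbound ('p' ... IN) and for which the firewall then sent
    the LAN host an ICMP redirect, i.e. it chose a next hop on the same segment rather
    than the path the user expected. Returns sorted (src, dst, proto) tuples."""
    entries = [e for e in (parse_entry(ln) for ln in log_text.splitlines()) if e]
    passed_in = {(e["src"], e["dst"], e["proto"])
                 for e in entries if e["action"] == "p" and e["dir"] == "IN"}
    echoed = {e["redirect"] for e in entries if e["redirect"]}
    return sorted(passed_in & echoed)


if __name__ == "__main__":
    for flow in redirected_passed_flows(SAMPLE_LOG):
        print("passed inbound, then answered with ICMP redirect:", *flow)
```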