Re: [m0n0wall] Having trouble setting up iVPN with monowall

From:	Andreas Bahr <eyebear at prima dot de>
To:	cbuechler at gmail dot com
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Having trouble setting up iVPN with monowall
Date:	Tue, 20 Sep 2005 23:55:12 +0200

Hi,

Chris Buechler schrieb:
> On 9/20/05, Bradley Van Peursem <bradley at itelework dot com> wrote:
> 
>>Has anyone got this working with IPSEC and monowall?
>>
> 
> 
> This isn't exactly what you're after but might be helpful.  
> http://www.edain.de/howtos/wlan_protection.shtml
...

Got it working with the mentioned howto, but now I'm stuck with the 
problem that the tunnel collapses under load.

A ping is growing from a few milliseconds up to 50 or 100 msecs, f.e. 
"Ping thinkpad.air.local [192.168.2.3] mit 32 Bytes Daten:
Antwort von 192.168.2.3: Bytes=32 Zeit=53ms TTL=127"

The entries under Diagnostics->IPSec->SAD showed no SAD-associations 
anymore.

The fw-rules allow pinging from the dmz (opt1 named here) to the local 
subnet. For testing purposes I allowed really everything.

The first look at the monowall logs showed that the racoon-process had 
an hickup and couldn't establish a connection.

What do the readers of this ml think? Might changing the client help in 
this situation?

TIA

Andreas