 From:  "Eileen Kelleher" <eileen at kelltech dot biz>
 To:  "Manuel Kasper" <mk at neon1 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall does not pass IPSEC traffic?
 Date:  Thu, 8 Jan 2004 00:48:27 -0700

Thanks much for letting me know it works...  I connected it up again and
checked, the fragments were already allowed on the default LAN -> any

I poked around a little more and tried unchecking the box on the WAN
interface page that blocks private network traffic; that did the trick.

I really love the firewall and want to install it at a customer site,
but they use VPN connections now and I really need to get a little
information on how to set up a simple IKE exchange, pre-shared key,
3DES, VPN with SafeNet client.  Could you give me a little hint?

They need to set up a real DMZ with a web server accessing a secure
database at the back end.  From what I have seen, the m0n0wall will do
the trick nicely.

Thanks for the great little firewall, BTW I saw it on TechTV and jumped
in, I wanted to play too! ;-)

eileen at kelltech dot biz

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net] 
Sent: Thursday, January 08, 2004 12:26 AM
To: Eileen Kelleher
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0wall does not pass IPSEC traffic?

Eileen Kelleher said:
> I have encountered a serious problem, at least for me.  The firewall
> does not seem to be able to pass any IPSEC traffic from the LAN
> to the WAN connection.  Does anyone have a clue what I could do to
> enable this?
> I lowered the MTU to ensure encapsulation wouldn't be the problem,
> fixed it for a NetScreen firewall when I encountered the same symptoms
> before.
> I am using a SafeNet client on a Windows XP system to connect out to a
> remote NetScreen endpoint.  It gets a connection but cannot pass any
> traffic.

I have a SafeNet SoftRemote client running on a Win XP notebook behind
m0n0wall at home, too. It connects to a ZyWALL and works flawlessly. You
may have to allow fragments in your default LAN -> any rule, though.