Rui Correia wrote:
> Hi guys,
> It has been brought to my attention that there are 2 freeware IPSec clients out
> there for Road Warriors.
> Those are Linsys @ http://sourceforge.net/projects/lsipsectool/ and iVPN (or
> TauVPN) @ http://sourceforge.net/projects/ivpn/.
> Has anyone successfully used any of these (especially linsys because it is not
> based on ipseccmd) to build an IPSec connection to a m0n0wall box?

That's particularly of interest to me, as I have an x64 machine and ipseccmd.exe is not available for x64.

> If so, could you please make up a small guide on how to set it up and post it on
> the mailing list?

It's pretty simple, took me 5 mins. to get it going with PSK. I will try using certs too if I get a chance. The options are pretty limited iro one's identity (client side). One *has* to specify one's IP address (which is probably dynamic for road warriors most of the time) which is annoying.

So... my quickie guide:

m0n0wall configuration:
. Tunnels->Check 'Enable IPsec' and Save.
. Mobile clients->Check 'Allow mobile clients'.
  Phase 1:
    Negotiation: Main
    My Identification: Use 'My IP address' or 'Domain name' with FQDN of your m0n0.
    Encryption: 3DES
    Hash: SHA1
    DH group: 2
    Lifetime: Same as client setting (client default 3500s)
    Authentication Method: Pre Shared Key
  Phase 2:
    Protocol: ESP
    Encryption: 3DES
    Hash: SHA1
    PFS group: 2
    Lifetime: Same as client setting (client default 3500s)
. Pre Shared Keys->Click on 'Add key' button (+)
  Enter your client machine's IP address in 'Identifier' field.
  Enter your chosen Pre-shared key.
  Save and Apply.

Linsys client:
. Create a new profile.
. Select your appropriate interface.
. Enter your appropriate local and remote information. Make sure that 'VPN gateway' is the same as the m0n0wall setting 'My Identification'.
. Select PreSharedKey for Authentication method and enter your chosen PSK (as per m0n0wall) in the textbox below.
. For Proto/Encryption/Integrity: ESP,3DES,SHA1,PFS on
. Select an IKE lifetime in seconds (default is fine). Be sure to set the m0n0wall 'Lifetime' setting the same.
. Click on 'Connect' and (hopefully) Voila!

Troubleshooting:
. Look at the m0n0wall System logs for errors.
. Look at the IPSec section under Diagnostics for valid SAD and SPD entries.
. Check the 'Debug Enabled' box on the Linsys client, disconnect then right-click the icon in the system tray and select 'View log' and then reconnect.

Hope this helps
--
Marko