 
 From:  Claude Hecker <hecker at ifina dot de>
 To:  prt at teko dot it
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with IPSEC site2site VPN
 Date:  Thu, 16 Feb 2006 11:39:41 +0100
OK, fine..
But for the next time, don't show the real addresses on
the list.. maybe directly, but never on the list!!

Look at both sides at your ipsec definitions.
And change the xx.254/24 settings to xx.0/24
and everything should work if the PSK is the same
on both sides!

regards
Claude

Paolo Rossi Tiller wrote:
>>can you show us your racoon.conf settings from both, please!
> 
> 
> Sure :-) Thx
> 
> Ps. I've seen that there are NO SAD entries in my local monowall..? 
> 
> ---------------- REmote monowall ----------------
> racoon.conf 
> path pre_shared_key "/var/etc/psk.txt";
> 
> path certificate  "/var/etc";
> 
> remote 81.xx.xx.xx {
> 	exchange_mode aggressive;
> 	my_identifier address "62.xx.xx.xx";
> 
> 	peers_identifier address 81.xx.xx.xx;
> 	initial_contact on;
> 	support_proxy on;
> 	proposal_check obey;
> 
> 	proposal {
> 		encryption_algorithm blowfish;
> 		hash_algorithm sha1;
> 		authentication_method pre_shared_key;
> 		dh_group 2;
> 		lifetime time 28800 secs;
> 	}
> 	lifetime time 28800 secs;
> }
> 
> sainfo address 192.168.41.0/24 any address 192.168.42.254/24 any {
   should then read:

   sainfo address 192.168.41.0/24 any address 192.168.42.0/24 any {
> 	encryption_algorithm blowfish;
> 	authentication_algorithm hmac_sha1;
> 	compression_algorithm deflate;
> 	pfs_group 2;
> 	lifetime time 86400 secs;
> }
> 
> ------------------- Local Monowall ------------------
> 
> racoon.conf 
> path pre_shared_key "/var/etc/psk.txt";
> 
> path certificate  "/var/etc";
> 
> remote 62.xx.xx.xx {
> 	exchange_mode aggressive;
> 	my_identifier address "81.xx.xx.xx";
> 
> 	peers_identifier address 62.xx.xx.xx;
> 	initial_contact on;
> 	support_proxy on;
> 	proposal_check obey;
> 
> 	proposal {
> 		encryption_algorithm blowfish;
> 		hash_algorithm sha1;
> 		authentication_method pre_shared_key;
> 		dh_group 2;
> 		lifetime time 28800 secs;
> 	}
> 	lifetime time 28800 secs;
> }
> 
> sainfo address 192.168.42.0/24 any address 192.168.41.254/24 any {

  should then read:

  sainfo address 192.168.42.0/24 any address 192.168.41.0/24 any {
> 	encryption_algorithm blowfish;
> 	authentication_algorithm hmac_sha1;
> 	compression_algorithm deflate;
> 	pfs_group 2;
> 	lifetime time 86400 secs;
> }
> 
>  
> SAD 
> No SAD entries.
> Paolo Rossi Tiller
> IT Manager
> Teko Spa
>
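The mistake Claude points at, a /24 selector written with host bits set (192.168.42.254/24 instead of 192.168.42.0/24) on one side of each sainfo pair, is easy to miss by eye in two racoon.conf files. The following script is an added example, not m0n0wall or racoon code and not from the thread: it extracts the sainfo selectors from two racoon.conf fragments, flags any selector that is not a proper network address (and says what the normalised network would be), and checks that each local src->dst pair is mirrored as dst->src on the remote peer. The two config fragments embedded in it are constructed to match the sainfo lines quoted above; the remote blocks with the elided public addresses are left out because only the sainfo lines matter here.

```python
"""Check racoon 'sainfo' selectors for host bits and for mirroring
between two peers. Added example; constructed sample configs below."""

import ipaddress
import re

# Matches: sainfo address <net> <proto> address <net> <proto> {
SAINFO_RE = re.compile(
    r"^\s*sainfo\s+address\s+(\S+)\s+(\S+)\s+address\s+(\S+)\s+(\S+)\s*\{",
    re.MULTILINE,
)

# Constructed fragments mirroring the thread's sainfo lines (before the fix)
LOCAL_CONF = """
sainfo address 192.168.42.0/24 any address 192.168.41.254/24 any {
\tencryption_algorithm blowfish;
\tauthentication_algorithm hmac_sha1;
\tpfs_group 2;
}
"""
REMOTE_CONF = """
sainfo address 192.168.41.0/24 any address 192.168.42.254/24 any {
\tencryption_algorithm blowfish;
\tauthentication_algorithm hmac_sha1;
\tpfs_group 2;
}
"""
# Same two fragments with the fix from the thread applied (xx.254 -> xx.0)
LOCAL_FIXED = LOCAL_CONF.replace("192.168.41.254/24", "192.168.41.0/24")
REMOTE_FIXED = REMOTE_CONF.replace("192.168.42.254/24", "192.168.42.0/24")


def parse_sainfo(conf):
    """Return (src_net, src_proto, dst_net, dst_proto) tuples as written."""
    return [m.groups() for m in SAINFO_RE.finditer(conf)]


def check_selector(net_str):
    """Return (normalised_network, problem_or_None).

    A sainfo 'address a.b.c.d/len' selector names a network, so the host
    part should be zero; 192.168.42.254/24 is flagged and 192.168.42.0/24
    is suggested, which is the change made in the thread."""
    try:
        return ipaddress.ip_network(net_str, strict=True), None
    except ValueError:
        fixed = ipaddress.ip_network(net_str, strict=False)
        return fixed, f"{net_str} has host bits set; use {fixed}"


def check_pair(local_conf, remote_conf):
    """Cross-check the sainfo selectors of two peers.

    Returns a list of findings; an empty list means both sides use clean
    network selectors and every local src->dst has a remote dst->src."""
    findings = []
    local = parse_sainfo(local_conf)
    remote = parse_sainfo(remote_conf)
    if len(local) != len(remote):
        findings.append(f"selector count differs: {len(local)} vs {len(remote)}")
    for side, entries in (("local", local), ("remote", remote)):
        for src, _, dst, _ in entries:
            for net in (src, dst):
                _, problem = check_selector(net)
                if problem:
                    findings.append(f"{side}: {problem}")
    # Mirror check on normalised networks: local (A -> B) needs remote (B -> A)
    remote_pairs = {
        (check_selector(s)[0], check_selector(d)[0]) for s, _, d, _ in remote
    }
    for s, _, d, _ in local:
        ls, ld = check_selector(s)[0], check_selector(d)[0]
        if (ld, ls) not in remote_pairs:
            findings.append(f"local {ls} <-> {ld} has no mirror on remote")
    return findings


if __name__ == "__main__":
    for label, pair in (("as posted", (LOCAL_CONF, REMOTE_CONF)),
                        ("after fix", (LOCAL_FIXED, REMOTE_FIXED))):
        print(f"[{label}]")
        for line in check_pair(*pair) or ["no findings"]:
            print("  " + line)
```

Run against the two fragments as posted, the script reports one host-bits finding per side (192.168.41.254/24 locally, 192.168.42.254/24 remotely) and no mirroring problem, which is exactly the situation in the thread; after the xx.254 to xx.0 change it reports nothing. The mirror check deliberately compares normalised networks so that a host-bits typo is reported once, as a selector problem, rather than a second time as a missing mirror.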