[ previous ] [ next ] [ threads ]
 From:  Kenman Wong <kenman dot wong at iaspec dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Hub-And-Spoke VPN
 Date:  Fri, 03 Mar 2006 09:45:15 +0800

I've just started reading this post and I am asked to configure a 
hub-spoke VPN for our offices. We have 3 offices location with the 
central office having static IP and the two branch offices using dynamic 

Hub LAN         : 10.1.x.x
Spoke #1 LAN : 10.11.x.x
Spoke #2 LAN : 10.21.x.x

I only use M0n0wall on the two Spokes while the Hub is a Netscreen 100 
device. I can get both MW's and the NS-100 to connect an IPsec tunnel 
between each other. Once I create and start the second set of tunnels to 
route traffic from Spoke #1 to Spoke #2, both tunnels will close and 
they fail Phase 1 negotiation. My NS-100 tells me about not finding the 
correct Phase 1 scheme. My guess is NS-100 gets confused which tunnel it 
is negotiating with.

So if we do the second set of tunnels, do we create a tunnel with an 
entirely different Pre-shared key/secret? How about the My Identifier? I 
use "User FQDN" followed by an email address on the MW's with Aggressive 
negotiation. Does the second set of tunnel must use a different "User 


Dan Firac wrote:
> Hello all,
> Can m0n0wall be configured for a Hub-And-Spoke VPN with communication between spokes?
> TIA,
> Dan.