 From:  "Don Munyak" <don dot munyak at gmail dot com>
 To:  "Fritz Platzke" <fritz at milkpotato dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Ipsec tunnel problem
 Date:  Thu, 13 Apr 2006 16:21:42 -0400
On 4/13/06, Fritz Platzke <fritz at milkpotato dot org> wrote:
> I have two boxes that I'm trying to create a tunnel between and I'm having
> absolutely no luck. Following is a rundown of my settings. What am I doing
> wrong?
>
> Main Site
> Internal IP             192.168.100.252
> IPSec local net 192.168.221.0/24
> IPSec remote net        192.168.222.0/24
> IPSec interface WAN
> IPSec remote gw xx.xx.xx.xx
> P1                      aggressive
> P1 encr         blowfish
> P1 hash         md5
>
> Remote site
> Internal IP             192.168.222.254
> IPSec local net LAN
> IPSec remote net        192.168.221.0/24
> IPSec interface WAN
> IPSec remote gw xx.xx.xx.xx
> P1                      aggressive
> P1 encr         blowfish
> P1 hash         md5
>
> Did I do something wrong?
> I see nothing in the Diagnostics -> IPSec -> SAD
> SPD on the other hand shows the local and remote nets. What else do I need
> to check?
>
> Thanks in advance
> Fritz Platzke
>

Here's my config...which is currently in production for m0n0wall-to-m0n0wall.
public IP stuff has been fudged :-)

OS: m0n0wall Firewall/Router
ver 1.21 48xx-1.21.img
http://m0n0.ch/wall
UID: admin
PW: xxxxxxxx

**************************
>> MAIN Office <<
> LAN : Enabled
Port: Eth-0 (sis0)
IP:192.168.1.0
SM :255.255.255.0
GW:192.168.1.1
DNS:192.168.1.1
WINS: none
DHCP: 192.168.1.100 -.150

> WAN : Enabled
Port: Eth-1 (sis1)
IP:10.10.10.81
SM :255.255.255.0
GW:10.10.10.1
DNS:66.10.10.11
DNS:66.10.10.12
WINS: none
DHCP: none static

> DMZ : Disabled

------------------------

IPSEC:
Tunnel
Interface: WAN
Local subnet: LAN Subnet
Remote Subnet: 192.168.2.0 /24
Remote Gateway: 10.10.10.156
Description: Remote Office VPN

>Phase-1
Negotiation mode:aggressive
My Identifier: My IP Address
Encryption: Blowfish
Hash: SHA1
DH Key group: 2
Lifetime: 86400 seconds
Auth method: Pre-share key
pre-share key: pA517@med#1z$

>Phase-2
Protocol: ESP
Encryption Algorithm: Blowfish only
Hash Algorithm: SHA1 only
PFS key group: 2
14400 seconds

**************************
>> REMOTE Office <<
> LAN : Enabled
Port: Eth-0 (sis0)
IP:192.168.2.0
SM :255.255.255.0
GW:192.168.2.1
DNS:192.168.2.1
WINS: none
DHCP: 192.168.2.100 -.150

> WAN : Enabled
Port: Eth-1 (sis1)
IP:10.10.10.156
SM :255.255.255.0
GW:10.10.10.1
DNS:66.10.10.11
DNS:66.10.10.12
WINS: none
DHCP: none static

> DMZ : Disabled

------------------------

IPSEC:
Tunnel
Interface: WAN
Local subnet: LAN Subnet
Remote Subnet: 192.168.1.0 /24
Remote Gateway: 10.10.10.81
Description: MAIN Office VPN

>Phase-1
Negotiation mode:aggressive
My Identifier: My IP Address
Encryption: Blowfish
Hash: SHA1
DH Key group: 2
Lifetime: 86400 seconds
Auth method: Pre-share key
pre-share key: pA517@med#1z$

>Phase-2
Protocol: ESP
Encryption Algorithm: Blowfish only
Hash Algorithm: SHA1 only
PFS key group: 2
14400 seconds


~ Don
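As an added example, not part of Don's or Fritz's messages: a small Python script that checks two ends of a site-to-site IPsec tunnel for the symmetry Don's working configuration shows (each side's remote subnet is the other side's local subnet, each remote gateway is the peer's WAN address, the local subnet actually contains the box's LAN address, and the Phase 1/Phase 2 proposals agree). The `site()` helper and the dict layout are assumptions of this example, not m0n0wall's own data model. `MAIN` and `REMOTE` are transcribed from Don's reply; `BAD_A`/`BAD_B` are a constructed misconfigured pair using the private addresses from the quoted question with documentation-range (198.51.100.0/24) addresses standing in for the `xx.xx.xx.xx` gateways. The pre-shared key is intentionally not part of the model.

```python
import ipaddress


def site(name, lan_ip, wan_ip, local_subnet, remote_subnet, remote_gw,
         p1_hash="sha1", p1_mode="aggressive"):
    """Build one end of the tunnel as a plain dict (hypothetical helper)."""
    return {
        "name": name,
        "lan_ip": lan_ip,              # the box's own address on its LAN
        "wan_ip": wan_ip,              # what the peer configures as remote gateway
        "local_subnet": local_subnet,
        "remote_subnet": remote_subnet,
        "remote_gw": remote_gw,
        "p1": {"mode": p1_mode, "encr": "blowfish", "hash": p1_hash,
               "dh_group": 2, "lifetime": 86400, "auth": "psk"},
        "p2": {"proto": "esp", "encr": "blowfish", "hash": "sha1",
               "pfs_group": 2, "lifetime": 14400},
    }


# Transcribed from Don's working m0n0wall-to-m0n0wall configuration.
MAIN = site("MAIN Office", "192.168.1.1", "10.10.10.81",
            "192.168.1.0/24", "192.168.2.0/24", "10.10.10.156")
REMOTE = site("REMOTE Office", "192.168.2.1", "10.10.10.156",
              "192.168.2.0/24", "192.168.1.0/24", "10.10.10.81")

# Constructed misconfigured pair: Site A announces a local subnet that is
# not the LAN it sits on, and the two ends disagree on the Phase 1 hash.
BAD_A = site("Site A", "192.168.100.252", "198.51.100.10",
             "192.168.221.0/24", "192.168.222.0/24", "198.51.100.20",
             p1_hash="md5")
BAD_B = site("Site B", "192.168.222.254", "198.51.100.20",
             "192.168.222.0/24", "192.168.221.0/24", "198.51.100.10")


def check_tunnel(a, b):
    """Return a list of mismatch descriptions; an empty list means the two
    ends mirror each other and the Phase 1/2 proposals are identical."""
    problems = []
    for x, y in ((a, b), (b, a)):
        local = ipaddress.ip_network(x["local_subnet"])
        remote = ipaddress.ip_network(x["remote_subnet"])
        # The subnet a box offers as "local" must be the LAN it actually has.
        if ipaddress.ip_address(x["lan_ip"]) not in local:
            problems.append(f"{x['name']}: local subnet {local} does not "
                            f"contain its LAN address {x['lan_ip']}")
        # Each end's remote subnet must equal the peer's local subnet;
        # otherwise the SPD selectors never match and no SA is negotiated.
        if remote != ipaddress.ip_network(y["local_subnet"]):
            problems.append(f"{x['name']}: remote subnet {remote} != "
                            f"{y['name']} local subnet {y['local_subnet']}")
        # Each end's remote gateway must be the peer's WAN address.
        if ipaddress.ip_address(x["remote_gw"]) != ipaddress.ip_address(y["wan_ip"]):
            problems.append(f"{x['name']}: remote gateway {x['remote_gw']} "
                            f"is not {y['name']} WAN {y['wan_ip']}")
        # Overlapping local/remote subnets mean traffic is never tunnelled.
        if local.overlaps(remote):
            problems.append(f"{x['name']}: local {local} overlaps remote {remote}")
    # Phase 1 and Phase 2 proposals must agree on every parameter.
    for phase in ("p1", "p2"):
        for key, value in a[phase].items():
            if b[phase].get(key) != value:
                problems.append(f"{phase}.{key}: {a['name']}={value} vs "
                                f"{b['name']}={b[phase].get(key)}")
    return problems


if __name__ == "__main__":
    for pair in ((MAIN, REMOTE), (BAD_A, BAD_B)):
        found = check_tunnel(*pair)
        print(f"{pair[0]['name']} <-> {pair[1]['name']}: "
              + ("OK" if not found else f"{len(found)} problem(s)"))
        for p in found:
            print("  -", p)
```

Run against Don's pair the checker reports nothing; against the constructed pair it flags the local subnet that does not contain the box's LAN address and the Phase 1 hash mismatch, which is the kind of asymmetry that leaves the SPD populated (the policies exist on each side) while the SAD stays empty (no SA was ever negotiated).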