 From:  "Jai Ketteridge" <jai at innaloo dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Simulating a WAN for testing 2 m0n0s - with log file
 Date:  Fri, 4 Aug 2006 23:17:38 +0800
Hi

I'm currently trying to experiment on 2 new monowall boxes that I built. I
figured it would be easier for me to network them locally to config before
actual deployment. My main aim is to also test a few things like DHCP
relaying across IPsec VPN.

What I have currently is 2 machines with 3 NICs each (LAN, WAN & WLAN) and
each machine has a crossover cable to my laptop (one at a time depending on
which one I'm configuring). The two WAN NICs connect via a crossover cable if
the WAN interface is set to a static address. To simulate a WAN I have
attempted to give the WAN NIC a static IP of 66.66.66.xx on each and created a
VPN connection. For the meantime I have set the WAN NIC to have no port
restrictions to the LAN interface. But the IPsec VPN doesn't come up after
specifying the other machine's static IP as the gateway in the connection
properties. I don't think this is wrong?

So what I tried next was setting the WAN ports to DHCP and the two new monos
got an IP from my DHCP server after disconnecting the crossover cable and
plugging the monos and the DHCP server onto the same switch. The DHCP server
gives out a different IP range to that of both monos' LAN subnets. I can
ping both machines from one another from the WAN interface and my newly
edited IPsec VPN connection doesn't come up. I am attempting to use Blowfish
and SHA1 with a simple shared key and have used the same settings as one I
used successfully before.

I have set both machines to identical VPN connection settings, except the
obvious IPs and Gateways.

Is there something I'm missing? Or do I really need to have each machine
hanging off the end of a DSL connection?

I feel as though I may not have some routing in place somewhere, but since
each machine can see the other on the WAN connection I think it should
work - but it ain't!

This is what my system log says after a fresh reboot.

Aug 4 23:08:27 racoon: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
Aug 4 23:08:27 racoon: INFO: @(#)This product linked OpenSSL 0.9.7d-p1 17 Mar 2004 (http://www.openssl.org/)
Aug 4 23:08:27 racoon: DEBUG: call pfkey_send_register for AH
Aug 4 23:08:27 racoon: DEBUG: call pfkey_send_register for ESP
Aug 4 23:08:27 racoon: DEBUG: call pfkey_send_register for IPCOMP
Aug 4 23:08:27 racoon: DEBUG: reading config file /var/etc/racoon.conf
Aug 4 23:08:27 racoon: DEBUG: hmac(modp1024)
Aug 4 23:08:27 racoon: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.1.1.5 (fxp0)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.2.1 (fxp1)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.3.1 (fxp2)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.1.1 (fxp3)
Aug 4 23:08:27 racoon: DEBUG: my interface: 127.0.0.1 (lo0)
Aug 4 23:08:27 racoon: DEBUG: configuring default isakmp port.
Aug 4 23:08:27 racoon: DEBUG: 5 addrs are configured successfully
Aug 4 23:08:27 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
Aug 4 23:08:27 racoon: INFO: 10.2.1.1[500] used as isakmp port (fd=8)
Aug 4 23:08:27 racoon: INFO: 10.2.3.1[500] used as isakmp port (fd=9)
Aug 4 23:08:27 racoon: INFO: 10.2.2.1[500] used as isakmp port (fd=10)
Aug 4 23:08:27 racoon: INFO: 10.1.1.5[500] used as isakmp port (fd=11)
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5a08: 10.2.1.0/24[0] 10.2.1.1/32[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.1/32[0] 10.2.1.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5a08: 10.2.1.0/24[0] 10.2.1.1/32[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.1/32[0] 10.2.1.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5c08: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5a08: 10.2.1.0/24[0] 10.2.1.1/32[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5c08: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 dhclient: bound to 10.1.1.5 -- renewal in 39126 seconds.
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80ad008: 10.2.1.1/32[0] 10.2.1.0/24[0] proto=any dir=out
Aug 4 23:10:56 racoon: DEBUG: msg 1 not interesting
Aug 4 23:10:58 last message repeated 2 times

Thanks for your help!
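As an added example (not part of the original post or of m0n0wall), here is a small Python triage script run over a constructed subset of the racoon lines above: it pulls out the addresses racoon bound, the ISAKMP listeners, the SPD policy pairs it loaded, and whether any IKE phase 1 activity was logged at all. The phase 1 marker strings are assumed from racoon's usual output and do not occur anywhere in the posted log.

```python
import re

# Constructed sample: a subset of the racoon lines from the post above,
# with the mail client's line wrapping undone so each entry is one line.
SAMPLE_LOG = """\
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.1.1.5 (fxp0)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.1.1 (fxp3)
Aug 4 23:08:27 racoon: INFO: 10.2.1.1[500] used as isakmp port (fd=8)
Aug 4 23:08:27 racoon: INFO: 10.1.1.5[500] used as isakmp port (fd=11)
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5c08: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 dhclient: bound to 10.1.1.5 -- renewal in 39126 seconds.
Aug 4 23:10:56 racoon: DEBUG: msg 1 not interesting
"""

IFACE_RE = re.compile(r"racoon: DEBUG: my interface: (\S+) \((\w+)\)")
PORT_RE = re.compile(r"racoon: INFO: (\S+)\[(\d+)\] used as isakmp port")
# Both "sub:" and "db :" SPD lines carry: src[port] dst[port] proto=.. dir=..
SPD_RE = re.compile(
    r"(?:sub|db ):0x[0-9a-f]+: (\S+)\[\d+\] (\S+)\[\d+\] proto=\S+ dir=(in|out)")
# Strings racoon prints once IKE phase 1 starts or completes with a peer
# (assumed from racoon's usual output; none of them appear in the post's log).
PHASE1_MARKERS = ("new phase 1 negotiation", "ISAKMP-SA established")


def triage(log: str) -> dict:
    """Summarise what racoon bound, which SPD policies it saw, and whether
    any IKE exchange with a peer was ever logged."""
    interfaces, listeners, policies, phase1 = {}, [], set(), []
    for line in log.splitlines():
        if m := IFACE_RE.search(line):
            interfaces[m.group(1)] = m.group(2)
        elif m := PORT_RE.search(line):
            listeners.append(f"{m.group(1)}:{m.group(2)}")
        elif m := SPD_RE.search(line):
            policies.add(m.groups())          # (src, dst, dir)
        elif "racoon:" in line and any(k in line for k in PHASE1_MARKERS):
            phase1.append(line)
    # "msg N not interesting" is racoon ignoring an unrelated PF_KEY message;
    # it is not IKE traffic, so it never counts as phase 1 activity.
    verdict = (f"{len(listeners)} ISAKMP listener(s), {len(policies)} SPD entry(ies), "
               + ("phase 1 activity logged" if phase1 else
                  "no IKE phase 1 activity logged: nothing triggered a negotiation"))
    return {"interfaces": interfaces, "listeners": listeners,
            "policies": sorted(policies), "phase1_seen": bool(phase1),
            "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```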