From: "Jai Ketteridge" <jai at innaloo dot net>
To: <m0n0wall at lists dot m0n0 dot ch>
Subject: Simulating a WAN for testing 2 m0n0s - with log file
Date: Mon, 7 Aug 2006 21:22:15 +0800
Hi

I'm currently trying to experiment on 2 new monowall boxes that I built. I
figured it would be easier for me to network them locally to config before
actual deployment. My main aim is to also test a few things like DHCP
relaying across IPsec VPN.

What I have currently is 2 machines with 3 NICs each (LAN, WAN & WLAN) and
each machine has a crossover cable to my laptop (one at a time depending on
which one I'm configuring). To simulate a WAN I have attempted to give the WAN
NIC a static IP of 66.66.66.xx on each and created a VPN connection. For the
meantime I have set the WAN NIC to have no port restrictions to the LAN
interface. But the IPsec VPN doesn't come up after specifying the other
machine's static IP as the gateway in the connection properties. I don't
think this is wrong?

So what I tried next was setting the WAN ports to DHCP and the two new monos
both got an IP from my DHCP server. The DHCP server gives out a different IP
range to that of both monos' LAN subnets. I can ping both machines from one
another from the WAN interface and my newly edited IPsec VPN connection
doesn't come up. I am attempting to use Blowfish and SHA1 with a simple
shared key and have used the same settings as one I used successfully
before.

I have set both machines to identical VPN connection settings, except the
obvious IPs and Gateways.

Is there something I'm missing? Or do I really need to have each machine
hanging off the end of a DSL connection?

I feel as though I may not have some routing in place somewhere but since
each machine can see the other on the WAN connection I think it should
work - but it ain't!

This is what my system log says after a fresh reboot.

Aug 4 23:08:27 racoon: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
Aug 4 23:08:27 racoon: INFO: @(#)This product linked OpenSSL 0.9.7d-p1 17 Mar 2004 (http://www.openssl.org/)
Aug 4 23:08:27 racoon: DEBUG: call pfkey_send_register for AH
Aug 4 23:08:27 racoon: DEBUG: call pfkey_send_register for ESP
Aug 4 23:08:27 racoon: DEBUG: call pfkey_send_register for IPCOMP
Aug 4 23:08:27 racoon: DEBUG: reading config file /var/etc/racoon.conf
Aug 4 23:08:27 racoon: DEBUG: hmac(modp1024)
Aug 4 23:08:27 racoon: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.1.1.5 (fxp0)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.2.1 (fxp1)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.3.1 (fxp2)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.1.1 (fxp3)
Aug 4 23:08:27 racoon: DEBUG: my interface: 127.0.0.1 (lo0)
Aug 4 23:08:27 racoon: DEBUG: configuring default isakmp port.
Aug 4 23:08:27 racoon: DEBUG: 5 addrs are configured successfully
Aug 4 23:08:27 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
Aug 4 23:08:27 racoon: INFO: 10.2.1.1[500] used as isakmp port (fd=8)
Aug 4 23:08:27 racoon: INFO: 10.2.3.1[500] used as isakmp port (fd=9)
Aug 4 23:08:27 racoon: INFO: 10.2.2.1[500] used as isakmp port (fd=10)
Aug 4 23:08:27 racoon: INFO: 10.1.1.5[500] used as isakmp port (fd=11)
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5a08: 10.2.1.0/24[0] 10.2.1.1/32[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.1/32[0] 10.2.1.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5a08: 10.2.1.0/24[0] 10.2.1.1/32[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.1/32[0] 10.2.1.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5c08: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: get pfkey X_SPDDUMP message
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5a08: 10.2.1.0/24[0] 10.2.1.1/32[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5c08: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 dhclient: bound to 10.1.1.5 -- renewal in 39126 seconds.
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80ad008: 10.2.1.1/32[0] 10.2.1.0/24[0] proto=any dir=out
Aug 4 23:10:56 racoon: DEBUG: msg 1 not interesting
Aug 4 23:10:58 last message repeated 2 times

Thanks for your help!
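An added troubleshooting helper, not part of the original post and not m0n0wall's or racoon's own code: it reads racoon debug lines of the shape shown above, separates the SPD policies that point at a remote subnet from the local ones, and reports when a tunnel policy is loaded but no IKE phase 1 exchange ever appears in the log (which is what the log above shows). The phase 1 message wording it matches is assumed from racoon, and the sample lines are constructed from the post's log.

```python
import ipaddress, re

# Constructed sample lines, modelled on the shape of the racoon log in the post.
SAMPLE_LOG = """\
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.1.1.5 (fxp0)
Aug 4 23:08:27 racoon: DEBUG: my interface: 10.2.1.1 (fxp3)
Aug 4 23:08:27 racoon: DEBUG: db :0x80a5c08: 10.0.0.0/24[0] 10.2.1.0/24[0] proto=any dir=in
Aug 4 23:08:27 racoon: DEBUG: sub:0xbfbff554: 10.2.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out
Aug 4 23:08:27 racoon: DEBUG: db :0x80ad008: 10.2.1.1/32[0] 10.2.1.0/24[0] proto=any dir=out
Aug 4 23:10:56 racoon: DEBUG: msg 1 not interesting
"""

IFACE_RE = re.compile(r"my interface: (\S+) \((\w+)\)")
SPD_RE = re.compile(r"(?:db|sub)\s*:0x[0-9a-f]+: (\S+)\[\d+\] (\S+)\[\d+\] proto=\S+ dir=(in|out)")
# IKE phase 1 markers: assumed wording of racoon's messages, not taken from the post's log.
PHASE1_RE = re.compile(r"phase 1 negotiation|ISAKMP-SA established")

def parse_racoon_log(text):
    """Return (interface -> address, set of SPD (src, dst, dir) selectors, phase-1-seen)."""
    ifaces, policies, phase1 = {}, set(), False
    for line in text.splitlines():
        if m := IFACE_RE.search(line):
            ifaces[m.group(2)] = ipaddress.ip_address(m.group(1))
        elif m := SPD_RE.search(line):
            policies.add((m.group(1), m.group(2), m.group(3)))
        elif PHASE1_RE.search(line):
            phase1 = True
    return ifaces, policies, phase1

def tunnel_policies(ifaces, policies):
    """Outbound selectors whose destination holds none of our addresses: those need the tunnel."""
    remote = []
    for src, dst, direction in policies:
        dst_net = ipaddress.ip_network(dst, strict=False)
        if direction == "out" and not any(a in dst_net for a in ifaces.values()):
            remote.append((src, dst))
    return sorted(remote)

def diagnose(text):
    """Explain a silent tunnel: no policy loaded, or policy loaded but never triggered."""
    ifaces, policies, phase1 = parse_racoon_log(text)
    tunnels = tunnel_policies(ifaces, policies)
    if not tunnels:
        return ["no outbound SPD policy towards a remote subnet: the tunnel was never loaded"]
    if phase1:
        return []
    return [f"policy {src} -> {dst} loaded but no phase 1 seen: only traffic from {src} to {dst} "
            f"starts IKE; pinging the peer's WAN address from the WAN interface does not"
            for src, dst in tunnels]
```

Run `diagnose()` over a full system log pulled from the box; a policy that is loaded but never negotiated means the test traffic is not sourced from the LAN subnet named in the policy.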