[ previous ] [ next ] [ threads ]
 
 From:  Guillaume =?iso-8859-1?Q?Dout=E9?= <gdoute at free dot fr>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  ipsec VPN : dynamic ip and nat
 Date:  Mon, 28 Aug 2006 12:29:08 +0200
hi all!

I'm trying to setup a VPN connection between 2 monowalls : 1 is directly
connected to the internet, and the other one is connected behind a NAT router.
Here's what it looks like :

remote----monowall----NAT-----(internet)------monowall---local
subnet                                                   subnet

the NAT router get's his ip address dynamicaly. "Ipsec passthrough" as been
checked.

I managed to get a VPN connection up, using the "normal" site-to-site way (the
two networks appeared in the ipsec logs on SAD), knowing that it wasn't the
best solution when one connects through dynamic ip.  however, eventhough it
was up, I couldn't ping the remote monowall's LAN ip address.

so I decided to look for another way

I looked in the mailing list archive, on mail pointed to a tutorial of pfsense
when one of the routers uses dynamic ip
(ftp://reflection.ncsa.uiuc.edu/pub/pfSense/tutorials/mobile_ipsec/index.html).
I tried it but I couldn't get the VPN up, logs says :

racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory

I'm kinda lost, I don't know how I can successfully setup this ipsec tunnel...
can anybody point me where I've been wrong ? why can't I ping the remote
monowall's LAN ip even with VPN up ? what those "pfkey X_SPDDUMP" means? is
this a problem because of the NAT router ?

thanks for your help!!!
signature.asc (0.2 KB, application/pgp-signature)