[ previous ] [ next ] [ threads ]
 From:  Andreas Ferrari <aferrari at stasoft dot ch>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ipsec VPN : dynamic ip and nat
 Date:  Mon, 28 Aug 2006 14:47:27 +0200
this should answer your question:

see also

Guillaume Douté schrieb:
> hi all!
> I'm trying to setup a VPN connection between 2 monowalls : 1 is directly
> connected to the internet, and the other one is connected behind a NAT router.
> Here's what it looks like :
> remote----monowall----NAT-----(internet)------monowall---local
> subnet                                                   subnet
> the NAT router get's his ip address dynamicaly. "Ipsec passthrough" as been
> checked.
> I managed to get a VPN connection up, using the "normal" site-to-site way (the
> two networks appeared in the ipsec logs on SAD), knowing that it wasn't the
> best solution when one connects through dynamic ip.  however, eventhough it
> was up, I couldn't ping the remote monowall's LAN ip address.
> so I decided to look for another way
> I looked in the mailing list archive, on mail pointed to a tutorial of pfsense
> when one of the routers uses dynamic ip
> (ftp://reflection.ncsa.uiuc.edu/pub/pfSense/tutorials/mobile_ipsec/index.html).
> I tried it but I couldn't get the VPN up, logs says :
> racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory
> I'm kinda lost, I don't know how I can successfully setup this ipsec tunnel...
> can anybody point me where I've been wrong ? why can't I ping the remote
> monowall's LAN ip even with VPN up ? what those "pfkey X_SPDDUMP" means? is
> this a problem because of the NAT router ?
> thanks for your help!!!

P: +41 61 726 80 70
F: +41 61 726 80 79