this should answer your question:
Guillaume Douté schrieb:
> hi all!
> I'm trying to setup a VPN connection between 2 monowalls : 1 is directly
> connected to the internet, and the other one is connected behind a NAT router.
> Here's what it looks like :
> subnet subnet
> the NAT router get's his ip address dynamicaly. "Ipsec passthrough" as been
> I managed to get a VPN connection up, using the "normal" site-to-site way (the
> two networks appeared in the ipsec logs on SAD), knowing that it wasn't the
> best solution when one connects through dynamic ip. however, eventhough it
> was up, I couldn't ping the remote monowall's LAN ip address.
> so I decided to look for another way
> I looked in the mailing list archive, on mail pointed to a tutorial of pfsense
> when one of the routers uses dynamic ip
> I tried it but I couldn't get the VPN up, logs says :
> racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory
> I'm kinda lost, I don't know how I can successfully setup this ipsec tunnel...
> can anybody point me where I've been wrong ? why can't I ping the remote
> monowall's LAN ip even with VPN up ? what those "pfkey X_SPDDUMP" means? is
> this a problem because of the NAT router ?
> thanks for your help!!!
P: +41 61 726 80 70
F: +41 61 726 80 79