Re: [m0n0wall] Is it possible to ipsec vpn from mobile winxp to m0n0?

From:	Bjoern Euler <lists at edain dot de>
To:	m0n0wall at lists dot m0n0 dot ch
Cc:	Joe Commisso <jemc at bluefrog dot com>
Subject:	Re: [m0n0wall] Is it possible to ipsec vpn from mobile winxp to m0n0?
Date:	Sat, 23 Sep 2006 19:32:36 +0200

On 23.09.2006 16:44 Joe Commisso wrote:
> I have a home computer behind a router connected to home DSL (meaning
> dynamic IP).

This could be the mainproblem when using TauVPN or some other frontend 
for integrated WinXP IPSec.
For that setup to be supported you would need to use "aggressive mode" 
for IPSec phase 1 connection. TauVPN does not support that and always 
uses main mode. For dynamic IPs you need to use some other 3rd party 
client like NCP Secure Entry which supports aggressive mode.
Otherwise you need to change the tunnel configuration on the main-side 
everytime your DSL IP changes.

> I have m0n0wall v1.22
> My logs don't seem to indicate any vpn activity at all.
Maybe the router or your ISP blocks IPSec traffic? You should at least 
see some racoon messages and UDP traffic on port 500.

For such a setup PPTP is the best option with m0n0wall at the moment.

Regards
-Bjoern