I read the manual, followed the example configuration at http://doc.m0n0.ch/handbook/ipsec-tunnels.html, and scoured six months of IPsec postings in these lists without learning what my problem is.

The work M0n0wall has a public IP on WAN, which is also the VPN ID. The home M0n0wall uses DHCP for its WAN IP, but it is usually consistent for six months or more. I use my domain name as the identifier at home. The LAN addresses do not overlap. The encryption, authentication and pre-shared key settings are identical at both sites. I really did follow the example in the manual closely. But the manual only promised, without delivering, the firewall rules. I put in permit everything on both LAN interfaces and permit ESP any any on both WAN interfaces. I also added permit UDP, any source, port 500, any destination, any port on both WAN interfaces, in response to a prior IPsec thread. I also tried substituting 3DES for Blowfish, MD5 for SHA1, PFS key group off instead of 2, and main negotiation for aggressive, all to no avail.

To review:

Home tunnel settings:
  local subnet: LAN subnet
  remote subnet: 192.168.1.0/24
  remote GW (public): 64.122.194.235

Work tunnel settings:
  local subnet: LAN subnet
  remote subnet: 172.16.1.0/24
  remote GW (via DHCP): 67.171.180.42

A traceroute from one gateway to the other has nine hops. The SPD chart on both M0n0walls looks right, but there has never been anything under SAD on either.

Cecil Strange, 222 SW Columbia, Suite 1600, Portland, OR 97201, (503) 295-3749
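An added diagnostic for the symptom described in the post above (SPD entries present, SAD always empty), which is not from the original post and is not part of m0n0wall: it decodes the fixed ISAKMP header of UDP port 500 payloads (RFC 2408 section 3.1) and reports, per IKE session, whether the peer ever answered phase 1 and whether quick mode (phase 2) was reached. That distinction tells you whether to look at the UDP 500 firewall rules and the remote gateway address, at the phase 1 settings (proposal, identifier, pre-shared key), or at the phase 2 subnets. It assumes you can obtain the raw UDP payloads with tcpdump on a host that sees the WAN traffic; the capture below is constructed to mirror the post's scenario, the cookies are made up, and only the addresses are taken from the post.

```python
import struct

# Fixed ISAKMP header, RFC 2408 section 3.1: initiator cookie, responder
# cookie, next payload, version, exchange type, flags, message ID, length.
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")
ZERO_COOKIE = b"\x00" * 8
FLAG_ENCRYPTION = 0x01  # set on the encrypted messages of main/quick mode
EXCHANGE_TYPES = {
    1: "base",
    2: "identity protection (main mode)",
    3: "authentication only",
    4: "aggressive",
    5: "informational",
    32: "quick mode (phase 2, RFC 2409)",
}
VERDICTS = {
    "no reply": "peer never answered phase 1: IKE on UDP 500 is being dropped "
                "on the way or the remote gateway address is wrong",
    "phase 1 only": "peer answered but quick mode never started: phase 1 "
                    "failed (proposal, identifier or pre-shared key mismatch)",
    "quick mode seen": "phase 1 completed; an empty SAD now points at phase 2 "
                       "(subnets or phase 2 proposal)",
}


def decode_isakmp_header(payload: bytes) -> dict:
    """Parse the 28-byte fixed header of one UDP/500 payload."""
    if len(payload) < ISAKMP_HEADER.size:
        raise ValueError(f"{len(payload)} bytes is too short for an ISAKMP header")
    (icookie, rcookie, next_payload, version,
     exchange_type, flags, message_id, length) = ISAKMP_HEADER.unpack_from(payload)
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": next_payload,
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange_type": exchange_type,
        "exchange": EXCHANGE_TYPES.get(exchange_type, f"unknown ({exchange_type})"),
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "message_id": message_id,
        "length": length,
    }


def diagnose(packets) -> dict:
    """packets: iterable of (src_ip, dst_ip, udp_payload).
    Returns {initiator_cookie: verdict} using the keys of VERDICTS."""
    sessions = {}
    for src, _dst, payload in packets:
        header = decode_isakmp_header(payload)
        sessions.setdefault(header["initiator_cookie"], []).append((src, header))
    result = {}
    for cookie, seen in sessions.items():
        senders = {src for src, _ in seen}
        # The responder fills in its own cookie from its first reply onwards,
        # so an all-zero responder cookie in every packet means nobody answered.
        answered = any(h["responder_cookie"] != ZERO_COOKIE.hex() for _, h in seen)
        quick_mode = any(h["exchange_type"] == 32 for _, h in seen)
        if len(senders) == 1 and not answered:
            result[cookie] = "no reply"
        elif not quick_mode:
            result[cookie] = "phase 1 only"
        else:
            result[cookie] = "quick mode seen"
    return result


# --- constructed sample capture (made-up cookies; addresses from the post) ---
HOME, WORK = "67.171.180.42", "64.122.194.235"


def make_isakmp(icookie, rcookie, exchange_type, flags=0, message_id=0, body=b""):
    """Build a test packet: IKEv1 header (version 1.0, next payload 1 = SA) plus an opaque body."""
    length = ISAKMP_HEADER.size + len(body)
    return ISAKMP_HEADER.pack(icookie, rcookie, 1, 0x10, exchange_type,
                              flags, message_id, length) + body


STALLED = bytes.fromhex("0011223344556677")    # main mode message 1, retried, never answered
HEALTHY = bytes.fromhex("8899aabbccddeeff")    # a session that reaches quick mode, for contrast
HEALTHY_R = bytes.fromhex("0f0e0d0c0b0a0908")  # cookie chosen by the responder
SAMPLE_CAPTURE = [
    (HOME, WORK, make_isakmp(STALLED, ZERO_COOKIE, 2, body=b"\x00" * 40)),
    (HOME, WORK, make_isakmp(STALLED, ZERO_COOKIE, 2, body=b"\x00" * 40)),
    (HOME, WORK, make_isakmp(STALLED, ZERO_COOKIE, 2, body=b"\x00" * 40)),
    (HOME, WORK, make_isakmp(HEALTHY, ZERO_COOKIE, 2)),
    (WORK, HOME, make_isakmp(HEALTHY, HEALTHY_R, 2)),
    (HOME, WORK, make_isakmp(HEALTHY, HEALTHY_R, 2, flags=FLAG_ENCRYPTION)),
    (WORK, HOME, make_isakmp(HEALTHY, HEALTHY_R, 2, flags=FLAG_ENCRYPTION)),
    (HOME, WORK, make_isakmp(HEALTHY, HEALTHY_R, 32, flags=FLAG_ENCRYPTION,
                             message_id=0x1A2B3C4D)),
]

if __name__ == "__main__":
    for cookie, verdict in diagnose(SAMPLE_CAPTURE).items():
        print(f"{cookie}: {verdict}: {VERDICTS[verdict]}")
```

The "no reply" verdict is the one that matches a permanently empty SAD with a correct-looking SPD on both ends: the initiator keeps retransmitting main mode message 1 and the responder cookie never gets filled in, which means the packets are not reaching the peer's IKE daemon at all, so the UDP 500 rule on the responding WAN interface and the remote gateway address are the things to check before touching ciphers or PFS settings. A home site on a DHCP WAN address is exactly where the configured remote gateway and the actual source of the IKE packets can drift apart.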