 From:  "Alan L" <m0n0 dash list at lugg dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPsec tunnel with BEFVP41
 Date:  Thu, 9 Nov 2006 20:23:55 -0600
I have m0n0wall on and the Linksys on so I
know that is not the problem.


I have been using m0n0wall exclusively for about 3.5 years now and
absolutely love it. However, in this situation, m0n0wall is not an option. I
have converted a whole slew of people over to m0n0wall and they all rave
about it.


It is not a mission-critical tunnel I am trying to set up; I can live with
75% or so uptime. I've got m0n0wall on my side!! ;-)


Anything else I can try?





From: Lynn Grant [mailto:lgrant at adamscon dot com] 
Sent: Thursday, November 09, 2006 7:33 PM
To: Alan L
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPsec tunnel with BEFVP41


I used to have an IPSec tunnel with a BEFVP41, and for a while, I had
exactly the same symptoms.

It was a while back, but I believe the problem turned out to be that the
Mono and the BEFVP41 were both using the 192.168.1.x subnet. (The subnets
on both ends of a tunnel cannot overlap.) After I moved the Mono to
192.168.3.x, things worked much better.

Eventually, I replaced the BEFVP41 with another Mono, because the Mono is
better supported, more stable, and has an easier-to-use user interface.

Be well...


On Thu, 2006-11-09 at 13:28 -0600, Alan L wrote: 

I am trying to establish an IPSec tunnel between my m0n0wall and a Linksys
BEFVP41 with the latest firmware.
I have configured m0n0wall and the Linksys with the following:
Phase 1
Negotiation mode: Aggressive
Encryption algorithm: 3DES
Hash algorithm: MD5
DH key group: 2 (1024bit)
Lifetime: 3600
Phase 2
Protocol: ESP
Encryption algorithm: 3DES 
Hash algorithm: MD5
PFS key group: 2 (1024bit)
Lifetime: 3600
I already have a couple of tunnels established between other m0n0wall
routers that are active without any problems.
The Linksys says it is connected, and the connections show up in
Diagnostics->IPsec->SAD. I currently have an 'any any' rule set up for ESP in
the firewall rules of m0n0wall.
The catch to this is: I cannot pass any traffic through the tunnel. Does anyone
have suggestions as to why this isn't working? Am I missing something?
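
The subnet overlap described in Lynn Grant's reply can be checked mechanically before a tunnel is brought up. The following is an added example, not part of the original thread or of m0n0wall: the tunnel names and the two "branch" subnets are constructed, and it goes beyond the thread by also flagging remote subnets that overlap across different tunnels on the same router.

```python
import ipaddress
from itertools import combinations

# Constructed sample: tunnel name -> (local LAN, remote LAN). The first entry
# mirrors the thread (both ends on 192.168.1.x); the branch entries are made up.
TUNNELS = {
    "linksys-befvp41": ("192.168.1.0/24", "192.168.1.0/24"),
    "branch-a": ("192.168.1.0/24", "10.10.0.0/16"),
    "branch-b": ("192.168.1.0/24", "10.10.20.0/24"),
}


def find_conflicts(tunnels):
    """Return sorted (kind, tunnel, other_tunnel, net_a, net_b) for each overlap."""
    parsed = {
        name: (ipaddress.ip_network(loc, strict=False),
               ipaddress.ip_network(rem, strict=False))
        for name, (loc, rem) in tunnels.items()
    }
    conflicts = []
    # Case from the thread: the local and remote LAN of one tunnel overlap, so
    # hosts treat the far side as on-link and never route into the tunnel.
    for name, (loc, rem) in parsed.items():
        if loc.overlaps(rem):
            conflicts.append(("local-remote", name, name, str(loc), str(rem)))
    # Generalization: two tunnels whose remote LANs overlap compete for the
    # same destination addresses.
    for a, b in combinations(sorted(parsed), 2):
        rem_a, rem_b = parsed[a][1], parsed[b][1]
        if rem_a.overlaps(rem_b):
            conflicts.append(("remote-remote", a, b, str(rem_a), str(rem_b)))
    return sorted(conflicts)


def renumbered(tunnels, new_local):
    """Same tunnel set with the local LAN moved to new_local, as in the reply."""
    return {name: (new_local, rem) for name, (_, rem) in tunnels.items()}


if __name__ == "__main__":
    for label, cfg in (("before", TUNNELS),
                       ("after move to 192.168.3.0/24",
                        renumbered(TUNNELS, "192.168.3.0/24"))):
        print(label)
        for conflict in find_conflicts(cfg):
            print("  ", conflict)
```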