 
 From:  Bjoern Euler <lists at edain dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  jai at innaloo dot net
 Subject:  Re: [m0n0wall] Random lack of Dataflow over IPSEC VPN
 Date:  Wed, 20 Dec 2006 12:21:08 +0100
On 20.12.2006 12:09 Jai Ketteridge wrote:
> It's possible that it's doing that - On the WAN home tab in the modem it says
> that the Firewall and NAT is enabled. I may try disabling them but if I do
> that and it doesn't work I'm screwed because the modem is 5000km from me and
> if I cannot remote in I'm in big trouble!!!

In that case I would not change any of the settings on the Dlink. We 
don't want to make it worse and it was only a suggestion from my side. 
No changes before there is some more information.

> Here is the IPSEC from SINGAPORE
> 	<encryption-algorithm>blowfish</encryption-algorithm>
> 	<hash-algorithm>sha1</hash-algorithm>
> 	<dhgroup>2</dhgroup>
> 	<lifetime>28880</lifetime>

What caught my attention when looking at your configuration are the 
lifetime settings for Phase 1 and 2. I strongly suggest setting the Phase 
1 lifetime to a higher value than the Phase 2 lifetime!

I have had good experiences with
Phase 1 lifetime 86400
Phase 2 lifetime 3600

Try changing to these values before doing anything else.

Regards
-Bjoern
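
A check for the lifetime relationship recommended in this message, as an added example that is not part of the original e-mail or of m0n0wall: it reads IPsec tunnel definitions and flags any tunnel whose Phase 1 lifetime is not higher than its Phase 2 lifetime. The `<tunnel>`, `<p1>`, `<p2>` and `<descr>` element layout and all sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. The <tunnel>/<p1>/<p2>/<descr> layout is an
# assumption; adjust the element names to match the exported configuration.
SAMPLE = """<ipsec>
  <tunnel>
    <descr>site-a</descr>
    <p1><lifetime>28880</lifetime></p1>
    <p2><lifetime>86400</lifetime></p2>
  </tunnel>
  <tunnel>
    <descr>site-b</descr>
    <p1><lifetime>86400</lifetime></p1>
    <p2><lifetime>3600</lifetime></p2>
  </tunnel>
  <tunnel>
    <descr>site-c</descr>
    <p1><lifetime>86400</lifetime></p1>
    <p2></p2>
  </tunnel>
</ipsec>"""

def _lifetime(tunnel, phase):
    """Return the phase lifetime in seconds, or None if absent or invalid."""
    text = tunnel.findtext(f"{phase}/lifetime")
    try:
        value = int(text.strip())
    except (AttributeError, ValueError):  # element missing or not a number
        return None
    return value if value > 0 else None

def check_lifetimes(xml_text):
    """Return (descr, p1, p2, verdict) for every tunnel in the XML text."""
    results = []
    for tunnel in ET.fromstring(xml_text).iter("tunnel"):
        name = tunnel.findtext("descr", default="(unnamed)")
        p1, p2 = _lifetime(tunnel, "p1"), _lifetime(tunnel, "p2")
        if p1 is None or p2 is None:
            verdict = "unset"          # cannot compare, review by hand
        elif p1 > p2:
            verdict = "ok"             # Phase 1 outlives Phase 2
        else:
            verdict = "p1-not-longer"  # the case the message advises against
        results.append((name, p1, p2, verdict))
    return results

if __name__ == "__main__":
    for name, p1, p2, verdict in check_lifetimes(SAMPLE):
        print(f"{name}: phase1={p1} phase2={p2} -> {verdict}")
```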