[ previous ] [ next ] [ threads ]
 
 From:  M0n0wall <m0n0wall at toyne dot cix dot co dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN connection through m0n0wall
 Date:  Fri, 05 Jan 2007 14:01:28 +0000
Hello All

Could I put this another way. Has anyone managed to successfully VPN 
from an Apple MAC through m0n0wall to an OpenSwan server? If so, I 
would be interested in how they set this up.

I'm not sure if this is related, but I have just been playing with two 
wifi connected PCs and noticed that they cannot talk to each other. I 
can quite happily ping m0n0 from either, but not each other. The wifi 
router is effectively being used to pass traffic directly to m0n0.

Lastly, I just noticed that the diagram came through incorrectly, WiFi 
goes into m0n0, not Centos. As below:

WAN -->m0n0-->Centos-->LAN
WiFi---^

All assistance very much appreciated.

TIA and regards
Kevin


Quoting m0n0wall at toyne dot cix dot co dot uk:

> m0n0wall version 1.22
>
> WAN -->m0n0-->Centos-->LAN
> WiFi   ------^
>
> I've been attempting to get an Apple Mac (OS X, 10.4.8), when 
> connected to WiFi, to VPN through Centos to the LAN. Ultimately, I 
> would like to extend this to allow roaming attachments through WAN as 
> well.
>
> However, all appears to work OK 
> (STATE_MAIN_R1->STATE_MAIN_R2->STATE_MAIN_R3 & 
> STATE_QUICK_R0->STATE_QUICK_R1->STATE_QUICK_R3) with IPsec 
> established, but then it halts and ultimately deletes the connection. 
> Inspecting the m0n0 log afterwards shows the following:
>
> sis0 @100:2 b 192.168.168.100 -> 10.100.1.199 PR icmp len 20 116 icmp 
> unreach/port for 10.100.1.199,51718 - 192.168.168.100,1701 PR udp len 
> 20 68 K-S IN
>
> I checked 10.100.1.199 and UDP port 51718 is open. I can also ping 
> 10.100.1.199 from 192.168.168.100 as well. The rule that causes this 
> log entry is one that allows ALL traffic, which is why I'm a little 
> confused as to why it is getting blocked. Oh yes, and all the 
> firewalls have effectively been turned off, only logging remains.
>
> Am I doing something wrong? Any help appreciated.
>
> TIA