 From:  "Marek Läll" <marek dot lall at neti dot ee>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  1.3b2; VPN; NAT-T; ping works but not much more
 Date:  Tue, 27 Feb 2007 23:31:23 +0200
> - NAT-T support for IPsec VPN

I have a similar configuration.
 monowall-1        debian        monowall-2
int1/pub1  <-> pub2/int2 <-> mono2-ext/mono2-int

monowall-1 - mobile/nat-t/RSA 1024-bit
monowall-2 - tunnel/nat-t/RSA 1024-bit

(1) The tunnel goes up. It is possible to ping IP addresses
    on the other side (works in both directions).
    If I start Remote Desktop in net "int1" and try to connect
    to net "mono2-int", then monowall 2 has the following entries
    in the firewall log about UDP (no port!):
    DROP WAN <IP pub1> <IP mono2-ext> UDP

On the IPsec/SAD page I see the following output:
Source   Destination
Invalid  extension
Invalid  extension