[ previous ] [ next ] [ threads ]
 
 From:  "Cimino Vittorio" <cimino at teamufficio dot it>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Mobile clients???
 Date:  Fri, 9 Mar 2007 12:14:11 +0100 
Test monowall 1.1b16 – Safenet SoftRemoteLt 10.0.0



M0n0

Sis0 -> 192.168.0.131/24

Sis1 -> 10.10.10.163/28



Rules

Accept ESP inbound

Accept AH inbound



Ipsec

Enable Ipsec

    <ipsec>        <tunnel>            <interface>wan</interface>
<local-subnet>                <network>lan</network>
</local-subnet>            <remote-subnet>192.168.1.1/32</remote-subnet>
<remote-gateway>10.10.10.164</remote-gateway>            <p1>
<mode>aggressive</mode>                <myident>
<myaddress/>                </myident>
<encryption-algorithm>3des</encryption-algorithm>
<hash-algorithm>md5</hash-algorithm>                <dhgroup>2</dhgroup>
<lifetime/>                <pre-shared-key>xxxxx</pre-shared-key>
</p1>            <p2>                <protocol>esp</protocol>
<encryption-algorithm-option>3des</encryption-algorithm-option>
<encryption-algorithm-option>blowfish</encryption-algorithm-option>
<encryption-algorithm-option>cast128</encryption-algorithm-option>
<encryption-algorithm-option>rijndael</encryption-algorithm-option>
<hash-algorithm-option>hmac_md5</hash-algorithm-option>
<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
<pfsgroup>0</pfsgroup>                <lifetime/>            </p2>
<descr/>        </tunnel>        <enable/>    </ipsec>

Safenet



Public ip -> 10.10.10.164

OS -> Win XP Home



New Connection

IDType -> IP Subnet

Subnet -> 192.168.0.0

Mask -> 255.255.255.0

Protocol -> all

Connet Using -> Secure Gateway

ID Type -> any

Gateway IP Address -> 10.10.10.163

My Identity

Select Certificate -> None

ID Type -> IP Address

Virtual Adapter -> Required

Internal Network IP Address -> 192.168.1.1



Proposal 1

Authentication Method -> Pre-Shared Key

Enc Alg -> 3DES

Hash Alg -> MD5

SA Life -> Unspecified

Key GRP -> DH2



Proposal 2

SA Life -> Unspecified

Compression -> None

ESP

Enc Alg -> 3DES

Hash Alg -> MD5

Encapsulation -> Tunnel



It work also with SSH sentinel very fine

----- Original Message ----- 
From: "Andreas Ferrari" <aferrari at stasoft dot ch>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, March 09, 2007 11:40 AM
Subject: [m0n0wall] Mobile clients???


> Hi all
>
> How is it possible with IPSEC? I havent found something about it or
> maybe I had tomatos on my eyes:-( So could anyone give me a hint where
> to look for it? (IPSEC -> Mobile clients, in the GUI but no docs found...)
> Does anyone have experience with it?
>
> regards
>
> Andreas
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>