 From:  "Marek Läll" <marek dot lall at neti dot ee>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: certificate based IPSEC VPN
 Date:  Wed, 23 Jan 2008 23:08:37 +0200

Are you going to try IPSec NAT-T?

If yes, then feedback is welcome. I would like to create a tunnel using
m0n0wall as server and client (behind firewall and NAT). It works partly.
The IPSec tunnel comes up and ping works. The problem is that if the packet
size exceeds a limit of ~1450 bytes, then the "client m0n0wall" firewall
starts to drop incoming UDP-encapsulated ESP packets.

I have asked this question a couple of times over the course of a year but
got no responses. It seems nobody is using m0n0wall as an IPSec NAT-T client.


"JR" <tiresias at gmail dot com> wrote in message 
news:deee1e610801231235n5e2e7673ha0e82194eb5a5ec0 at mail dot gmail dot com...
> 2008/1/23 Marek Läll <marek dot lall at neti dot ee>:
>> uncomment the following line:
>>     subjectAltName=email:copy
> ...
>> And then in the m0n0wall ipsec config I choose "User FQDN" as "My Identifier"
>> and the value is the email address that you entered when you generated the
>> node certificate/key
> Thank you very much for replying. I'm glad to hear that someone has
> got this working. I will try creating new certs with the
> subjectAltName option to use with the FQDN identifier.
> Thanks,
> JR