Fred Wright said the following on 03/01/2009 05:04 AM:
> Make sure you use Aggressive Mode, since in Main Mode the tunnel can only
> be identified by the IP address.
I maintained a similar setup at a company I was working for:

LAN A --- Gateway ----- Gateway---LAN B
                           |
                           ---LAN C

Tunnel 1: LAN A -> LAN B
Tunnel 2: LAN A -> LAN C
Both gateways had fixed IPs and no DNS name.

The gateways were running FreeBSD 4.x/5.x with ipsec-tools. I am pretty
sure that we had "My Identifier" set to "My IP-Address" and "Negotiation
Mode" set to "Main" on both endpoints without any issues. So why would
you go for "Aggressive"? All I know is that you need aggressive mode for
mobile clients, aka roadwarriors. Plus you have a little less security in
aggressive compared to main mode (just for the record). But I might not
be up to date. ;)

Since m0n0wall uses ipsec-tools, it should behave similarly.
--
Cheers,
Lars
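
An added example, not part of the original message and not taken from either poster's configuration: a racoon.conf sketch (ipsec-tools) for the LAN A gateway in the two-tunnel layout described above, using Main mode with IP-address identifiers. All addresses, subnets, file paths and algorithm choices are constructed assumptions; the SPD policies (setkey) and the psk.txt entry are configured separately and are not shown.

```conf
# Constructed example values (assumptions, not from the thread):
#   local gateway  203.0.113.1   LAN A 10.1.0.0/24
#   remote gateway 198.51.100.2  LAN B 10.2.0.0/24, LAN C 10.3.0.0/24

# psk.txt holds one line per peer, keyed by the peer's IP address.
# In Main mode with pre-shared keys the responder has to pick the key
# before it can decrypt the peer's ID payload, so the lookup is by IP.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# Phase 1: one ISAKMP SA to the remote gateway, shared by both tunnels.
remote 198.51.100.2 {
    exchange_mode main;              # "Negotiation Mode: Main"
    my_identifier address;           # "My Identifier: My IP-Address"
    peers_identifier address 198.51.100.2;
    verify_identifier on;            # reject a peer whose ID does not match
    lifetime time 8 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2, tunnel 1: LAN A -> LAN B
sainfo address 10.1.0.0/24 any address 10.2.0.0/24 any {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

# Phase 2, tunnel 2: LAN A -> LAN C (same peer, second subnet pair)
sainfo address 10.1.0.0/24 any address 10.3.0.0/24 any {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```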