Nuno, try turning the negotiation mode to normal. I've always had to
use normal for mono to cisco vpn connections, so I've always used it
for my mono-mono tunnels as well.
Charles
On Tue, Jun 30, 2009 at 4:35 AM, Nuno Meireles <nuno dot meiras at gmail dot com> wrote:
> Hi.
> I'm trying to build a VPN IPsec tunnel between two monowall boxes.
>
> My config is:
>
> *monowall 1*
>
> wan static ip (82.154.xxx.xxx)
> lan subnet 10.0.0.1
>
> NAT-T - Enable NAT Traversal
> remote subnet 192.168.3.1/24
> remote gateway - xxx.dyndns.org
>
> Phase1
> negotiation mode - aggressive
> My identifier - my IP address - 82.154.xxx.xxx
> encryption algorithm - 3DES
> hash algorithm - sha1
> dh key group - 2
> lifetime - 86400
> authentication method - pre-shared key
> pre-shared key - 12345678
>
> Phase 2
> protocol - ESP
> Encryption algorithms - Blowfish
> Hash algorithms - SHA1
> PFS key group - 2
> Lifetime - 86400
>
> *monowall 2*
>
> wan dynamic ip (xxxxx.dyndns.org)
> lan subnet 192.168.3.1
>
> NAT-T - Enable NAT Traversal
> remote subnet 10.0.0.1/8
> remote gateway - 82.154.xxx.xxx
>
> Phase1
> negotiation mode - aggressive
> My identifier - Domain Name - xxx.dyndns.org
> encryption algorithm - 3DES
> hash algorithm - sha1
> dh key group - 2
> lifetime - 86400
> authentication method - pre-shared key
> pre-shared key - 12345678
>
> Phase 2
> protocol - ESP
> Encryption algorithms - Blowfish
> Hash algorithms - SHA1
> PFS key group - 2
> Lifetime - 86400
>
> But it doesn't work. When I ping 192.168.3.1, it says network unreachable.
>
> These are the logs.
>
> Jun 30 09:34:10 racoon: INFO: 10.0.0.254[4500] used as isakmp port (fd=13)
> Jun 30 09:34:10 racoon: INFO: 10.0.0.254[4500] used for NAT-T
> Jun 30 09:34:38 racoon: INFO: IPsec-SA request for 66.28.22.88 queued due to no phase1 found.
> Jun 30 09:34:38 racoon: INFO: initiate new phase 1 negotiation: 82.154.249.173[500]<=>66.28.22.88[500]
> Jun 30 09:34:38 racoon: INFO: begin Aggressive mode.
> Jun 30 09:35:09 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 66.28.22.88[0]->82.154.249.173[0]
> Jun 30 09:35:09 racoon: INFO: delete phase 2 handler.
> Jun 30 09:35:28 racoon: ERROR: phase1 negotiation failed due to time up. d56c4e91e6c68b35:0000000000000000
>
> Can you help me?
>
>
> Nuno
>