 From:  Jim Gifford <jim at giffords dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  ipsec configuration questions
 Date:  Tue, 24 Feb 2004 15:32:59 -0500

I'm trying to establish an ipsec tunnel between a m0n0wall box and a
freebsd server I have at a remote facility.  I've been trying to use
something other than the m0n0wall's IP address as the identifier, but
haven't found a way to hammer the freebsd box into submission.

I've been assuming that the reason for the phase 1 negotiation "my
identifier" options in the m0n0wall gui was to make it possible to change
the identifier m0n0wall uses with the remote end of the tunnel.  Is this
a valid assumption?

If so, is the blank unlabeled input field where you would put the
information if not using 'my ip address'?  If you choose 'ip address'
from the pulldown, how is that different from 'my ip address'?  If you
choose 'domain name' from the pulldown, how does that relate in the other
end's configuration?

Can someone please clarify this for me?

My end goal is to have 2 m0n0wall connected networks connecting to a
central freebsd server using ipsec tunnels, and able to route between
the two protected networks via those tunnels.  I would prefer to not
require that the m0n0wall machine's IP be known in advance (the ISPs want
to charge $USD15/month extra per DSL line for a static IP, and I think
that is robbery).

This doesn't seem like that complicated of a setup to me, and yet nothing
I try gets even close to working.  The closest I've gotten is hardcoding
the two m0n0wall IPs into each other for a direct tunnel between them,
but that requires manual intervention when the ISP forces an address
change.

Thanks in advance for any insight anyone can give me into how this stuff
is supposed to behave.  I'm in over my head, and the documentation all
just makes me even more confused.

thanks,
jim