 
 From:  "Barry Mather" <Barry dot Mather at ddat dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] ipsec configuration questions
 Date:  Wed, 25 Feb 2004 02:35:02 -0000
Hi,

AFAIK, the standard FreeBSD IPsec config uses FreeS/WAN for IPsec; this
requires certificates to be exchanged instead of the pre-shared secret.

As m0n0 uses racoon IPsec, I'm not sure you'll get them talking to each
other. I'm no FreeS/WAN expert, though.

In regards to using static IPs, why not use DynDNS (dynamic DNS) to
identify your m0n0walls? It has a DynDNS client built into it, and in
my experience of setting up networks, DynDNS seems to work fairly well,
although not 100%.

Hope this helps a little ..

-----Original Message-----
From: Jim Gifford [mailto:jim at giffords dot net] 
Sent: 25 February 2004 07:33
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] ipsec configuration questions

I'm trying to establish an IPsec tunnel between a m0n0wall box and a
FreeBSD server I have at a remote facility.  I've been trying to use
something other than the m0n0wall's IP address as the identifier, but
haven't found a way to hammer the FreeBSD box into submission.

I've been assuming that the reason for the phase 1 negotiation "my
identifier" options in the m0n0wall GUI was to make it possible to change
the identifier m0n0wall uses with the remote end of the tunnel.  Is this
a valid assumption?

If so, is the blank unlabeled input field where you would put the
information if not using 'my ip address'?  If you choose 'ip address'
from the pulldown, how is that different from 'my ip address'?  If you
choose 'domain name' from the pulldown, how does that relate to the other
end's configuration?

Can someone please clarify this for me?

My end goal is to have two m0n0wall-connected networks connecting to a
central FreeBSD server using IPsec tunnels, and able to route between
the two protected networks via those tunnels.  I would prefer not to
require that the m0n0wall machine's IP be known in advance (the ISPs want
to charge USD 15/month extra per DSL line for a static IP, and I think
that is robbery).

This doesn't seem like that complicated a setup to me, and yet nothing
I try gets even close to working.  The closest I've gotten is hardcoding
the two m0n0wall IPs into each other for a direct tunnel between them,
but that requires manual intervention when the ISP forces an address
change.

Thanks in advance for any insight anyone can give me into how this stuff
is supposed to behave.  I'm in over my head, and the documentation all
just makes me even more confused.

thanks,
jim
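As an added example, not part of either message above and not m0n0wall's own generated config: the hub side of the setup Jim describes, written as a racoon.conf fragment. It assumes the central FreeBSD box runs racoon (the KAME IKE daemon, available as a FreeBSD port) rather than FreeS/WAN, that the two m0n0walls are configured with the GUI's 'domain name' identifier, which racoon sends as an ID_FQDN payload (`my_identifier fqdn`), and that the hostnames branch1.example.net / branch2.example.net are placeholders chosen here. The point it demonstrates is that a hub with a fixed address does not need to know the spokes' addresses at all: it answers any peer and looks the pre-shared key up by the FQDN string the peer sends.

```conf
# Hub (FreeBSD) racoon.conf fragment -- added example, not from the thread.
# Accept phase 1 from any source address; identify each spoke by the
# FQDN it presents, not by the (dynamic) IP it happens to come from.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

remote anonymous {
        # Aggressive mode is what makes FQDN-keyed PSKs work: in main mode
        # the responder must already know the PSK before it has seen the
        # peer's ID payload, so the only usable lookup key is the peer IP.
        exchange_mode aggressive;
        passive on;             # hub only responds; it never dials a spoke
        my_identifier address;  # the hub has the fixed IP, so it can use it
        proposal_check obey;    # accept the lifetime/PFS the spoke proposes
        generate_policy on;     # install SPD entries from the spoke's proposal
        lifetime time 28800 sec;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous {
        pfs_group 2;
        lifetime time 3600 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

The matching psk.txt (mode 0600, owned by root) then carries one line per spoke keyed by the identifier string, for example `branch1.example.net  <long random secret>` and a different secret for branch2.example.net. racoon treats the FQDN as an opaque string for this lookup; it does not resolve it, so it only has to match what the m0n0wall puts in its 'domain name' field, and the DynDNS name is needed only if a side has to initiate. On the m0n0wall side the peer is the hub's fixed address, so 'my ip address' on the hub corresponds to `peers_identifier address` at the spoke. Two caveats a practitioner should keep in mind: aggressive mode sends the identity in the clear and exposes a hash derived from the PSK to any passive listener, so each spoke needs its own long, random secret; and `generate_policy on` means the hub's SPD is written from what an authenticated peer asks for, which is convenient for roaming addresses but should be restricted with `sainfo` entries for specific subnets once the tunnels are up.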
