 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec with AVM Fritz!Box
 Date:  Tue, 04 Feb 2014 10:38:05 -0600
On 02/02/2014 09:01 AM, Joschka Blohm wrote:
> As far as I know the networks _have to_ be different. And because of
> that I configured the m0n0wall's subnet to 192.168.1.0/24 and the one of
> the other end to 192.168.178.0/24. Or I am totally wrong? I haven't
> found any information stating otherwise.

Sorry, I forgot to respond to this.  And I know you are working now, but 
I want to respond so it is in the archives.

Yes, you are correct that both local subnets have to be different.  This 
is just a simple IP routing requirement.  My point was in CIDR notation.
A subnet is often represented as a network number and netmask.
192.168.4.0/24 for example.  But it can also be represented by the first 
IP address and subnet, like 192.168.4.1/24.  Both refer to the exact 
same network.  In theory, so would 192.168.56/24 but nobody uses that.

However, in racoon and some other IPsec implementations, 192.168.4.0/24 
and 192.168.4.1/24 are NOT considered the same.  So when you say the 
local subnet on system A is 192.168.4.0/24 and on system B you say the 
remote subnet is 192.168.4.1/24 the tunnel does not properly come up and 
the logs do not say why...

Note that I did not test this on everything, but I KNOW it fails on 
m0n0wall 1.34 and Sonicwall IPsec connections.

			Lee
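An added example, not from this thread or from m0n0wall/racoon, that normalizes the phase 2 subnet definitions configured on both ends of a tunnel and flags the 192.168.4.0/24 versus 192.168.4.1/24 spelling mismatch Lee describes before the tunnel is brought up. The `check_tunnel` function and the `side_a`/`side_b` configuration dicts are hypothetical and constructed here; Python's standard `ipaddress` module does the normalization.

```python
import ipaddress
from typing import List


def normalize_subnet(spec: str) -> ipaddress.IPv4Network:
    """Return the network a CIDR spec refers to, whether it is written as the
    network number (192.168.4.0/24) or as a host address with a prefix length
    (192.168.4.1/24).  strict=False masks off the host bits."""
    return ipaddress.ip_network(spec, strict=False)


def same_network(a: str, b: str) -> bool:
    """True when both specs denote the same network after normalization."""
    return normalize_subnet(a) == normalize_subnet(b)


def has_host_bits(spec: str) -> bool:
    """True when the spec is not in canonical network-number form, the form
    that racoon (per the thread) fails to match against the peer's definition."""
    iface = ipaddress.ip_interface(spec)
    return iface.ip != iface.network.network_address


def check_tunnel(side_a: dict, side_b: dict) -> List[str]:
    """Compare the subnet definitions on both ends of one tunnel.
    Each side is {"local": spec, "remote": spec}.  Returns a list of problems;
    an empty list means the definitions are consistent."""
    problems = []
    # A's local must be B's remote and vice versa, judged after normalization.
    pairs = ((side_a["local"], side_b["remote"], "A local vs B remote"),
             (side_b["local"], side_a["remote"], "B local vs A remote"))
    for x, y, what in pairs:
        if not same_network(x, y):
            problems.append(f"{what}: {x} and {y} are different networks")
    # The two LANs behind the endpoints must not overlap (plain IP routing).
    if normalize_subnet(side_a["local"]).overlaps(normalize_subnet(side_b["local"])):
        problems.append("local subnets on A and B overlap; they must differ")
    # Same network, different spelling: flag host bits so both ends use the
    # network-number form and string-comparing daemons accept the proposal.
    for name, side in (("A", side_a), ("B", side_b)):
        for role in ("local", "remote"):
            if has_host_bits(side[role]):
                problems.append(f"{name} {role} {side[role]} has host bits set; "
                                f"use {normalize_subnet(side[role])}")
    return problems


# Constructed sample: B spells both subnets with the first host address.
SIDE_A = {"local": "192.168.4.0/24", "remote": "192.168.178.0/24"}
SIDE_B = {"local": "192.168.178.1/24", "remote": "192.168.4.1/24"}

if __name__ == "__main__":
    for line in check_tunnel(SIDE_A, SIDE_B):
        print(line)
```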