 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec with AVM Fritz!Box
 Date:  Tue, 04 Feb 2014 10:38:05 -0600
On 02/02/2014 09:01 AM, Joschka Blohm wrote:
> As far as I know the networks _have to_ be different. And because of
> that I configured the m0n0wall's subnet to and the one of
> the other end to Or I am totally wrong? I haven't
> found any information stating otherwise.

Sorry, I forgot to respond to this.  And I know you are working now, but 
I want to respond so it is in the archives.

Yes, you are correct that both local subnets have to be different.  This 
is just a simple IP routing requirement.  My point was in CIDR notation. 
  A subnet is often represented as a network number and netmask. for example.  But it can also be represented by the first 
IP address and subnet, like  Both refer to the exact 
same network.  In theory, so would 192.168.56/24 but nobody uses that.

However, in racoon and some other IPsec implementations, 
and are NOT considered the same.  So when you say the 
local subnet on system A is and on system B you say the 
remote subnet is the tunnel does not properly come up and 
the logs do not say why...

Note that I did not test this on everything, but I KNOW it fails on 
m0n0wall 1.34 and Sonicwall IPsec connections.
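
The mismatch described in this message can be caught before the tunnel is configured by comparing what was typed on each end; the following is an added example, not part of the original post or of m0n0wall. The function name `check_tunnel` and the sample addresses are constructed for illustration, and IPv4 is assumed.

```python
import ipaddress

def check_tunnel(a_local, a_remote, b_local, b_remote):
    """Compare the subnet fields typed on both ends of one IPsec tunnel.

    Returns a list of human-readable problems; an empty list means the
    definitions match literally and the two LANs do not overlap.
    """
    text = {"A local": a_local, "A remote": a_remote,
            "B local": b_local, "B remote": b_remote}
    nets, problems = {}, []
    for name, value in text.items():
        try:
            # strict=False masks off host bits, so x.x.x.1/24 parses as x.x.x.0/24
            nets[name] = ipaddress.ip_network(value, strict=False)
        except ValueError as exc:
            problems.append(f"{name}: cannot parse {value!r} ({exc})")
    if problems:
        return problems
    # One end's local subnet is the other end's remote subnet.
    for mine, theirs in (("A local", "B remote"), ("B local", "A remote")):
        if nets[mine] != nets[theirs]:
            problems.append(f"{mine} {text[mine]} and {theirs} {text[theirs]} "
                            "are different networks")
        elif text[mine] != text[theirs]:
            # The case from the post: same network, written two ways.
            problems.append(f"{mine} {text[mine]} and {theirs} {text[theirs]} "
                            f"are the same network; write {nets[mine]} on both ends")
    if nets["A local"].overlaps(nets["B local"]):
        problems.append("local subnets on A and B overlap; they must be different")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from the original thread.
    for line in check_tunnel("192.168.56.1/24", "10.0.8.0/24",
                             "10.0.8.0/24", "192.168.56.0/24"):
        print(line)
```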