On 02/02/2014 09:01 AM, Joschka Blohm wrote:
> As far as I know the networks _have to_ be different. And because of
> that I configured the m0n0wall's subnet to 192.168.1.0/24 and the one of
> the other end to 192.168.178.0/24. Or am I totally wrong? I haven't
> found any information stating otherwise.
Sorry, I forgot to respond to this. And I know you are working now, but
I want to respond so it is in the archives.
Yes, you are correct that both local subnets have to be different. This
is just a simple IP routing requirement. My point was in CIDR notation.
A subnet is often represented as a network number and netmask.
192.168.4.0/24 for example. But it can also be represented by the first
IP address and subnet, like 192.168.4.1/24. Both refer to the exact
same network. In theory, so would 192.168.56/24 but nobody uses that.
However, in racoon and some other IPsec implementations, 192.168.4.0/24
and 192.168.4.1/24 are NOT considered the same. So when you say the
local subnet on system A is 192.168.4.0/24 and on system B you say the
remote subnet is 192.168.4.1/24 the tunnel does not properly come up and
the logs do not say why...
Note that I did not test this on everything, but I KNOW it fails on
m0n0wall 1.34 and Sonicwall IPsec connections.
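The following is an added example, not part of the original thread and not code from m0n0wall, racoon or Sonicwall. It uses Python's standard ipaddress module to show the two checks the reply above describes: the two local subnets must not overlap, and each side's "remote subnet" must name the peer's local subnet. The stricter rule, that 192.168.4.0/24 and 192.168.4.1/24 must also match as written and not merely as networks, is modelled here as a plain string comparison, which is an assumption about how racoon-style implementations compare selectors rather than something taken from their source. The sample subnet strings are constructed for the example.

```python
import ipaddress


def canonical(spec):
    """Return the network a CIDR spec denotes, accepting host form such as
    192.168.4.1/24 (strict=False drops the host bits)."""
    return ipaddress.ip_network(spec, strict=False)


def has_host_bits(spec):
    """True when spec names a host inside the network (192.168.4.1/24)
    rather than the network number itself (192.168.4.0/24)."""
    try:
        ipaddress.ip_network(spec, strict=True)
        return False
    except ValueError:
        canonical(spec)  # re-raises if spec is not a network at all
        return True


def compare_selectors(spec_a, spec_b):
    """Compare one side's subnet string with the peer's string for the
    same network. Returns (same_network, exact_string_match)."""
    same_network = canonical(spec_a) == canonical(spec_b)
    exact = spec_a.strip() == spec_b.strip()
    return same_network, exact


def lint_tunnel(a_local, a_remote, b_local, b_remote):
    """Check the four subnet strings of a site-to-site tunnel and return a
    list of human-readable findings (empty list means the config is clean)."""
    findings = []

    # 1. Plain IP routing requirement: the two local subnets must differ.
    if canonical(a_local).overlaps(canonical(b_local)):
        findings.append(
            f"local subnets {a_local} and {b_local} overlap; "
            "traffic cannot be routed through the tunnel"
        )

    # 2. Each side's remote subnet must describe the peer's local subnet.
    #    Assumption modelled here: the strings must also be identical, so
    #    192.168.4.0/24 on one side and 192.168.4.1/24 on the other fails.
    pairs = (
        ("A.local vs B.remote", a_local, b_remote),
        ("B.local vs A.remote", b_local, a_remote),
    )
    for label, mine, peers in pairs:
        same, exact = compare_selectors(mine, peers)
        if not same:
            findings.append(f"{label}: {mine} and {peers} are different networks")
        elif not exact:
            findings.append(
                f"{label}: {mine} and {peers} are the same network but written "
                f"differently; write both as {canonical(mine)}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample: side B wrote the remote subnet in host form.
    for line in lint_tunnel("192.168.4.0/24", "192.168.178.0/24",
                            "192.168.178.0/24", "192.168.4.1/24"):
        print(line)
```

Run the script as-is to see the mismatch report for the sample above; drop it into a pre-flight check before bringing a tunnel up, since the reply notes the IPsec logs themselves do not point at this cause.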