[ previous ] [ next ] [ threads ]
 From:  Joschka Blohm <admin at zpt dash muenster dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec with AVM Fritz!Box
 Date:  Tue, 04 Feb 2014 21:00:52 +0100
Am 04.02.2014 17:38, schrieb Lee Sharp:
> Yes, you are correct that both local subnets have to be different.  This
> is just a simple IP routing requirement.  My point was in CIDR notation.
>   A subnet is often represented as a network number and netmask.
> for example.  But it can also be represented by the first
> IP address and subnet, like  Both refer to the exact
> same network.  In theory, so would 192.168.56/24 but nobody uses that.

Thank you Lee for pointing this out. I've done my homework correctly and 
have watched out for these errors. They didn't come up in my 
configuration which I have tested.

I don't really know what the specific error in my scenario was, but now 
it is working brilliantly. I ping a host, first ping times out, but 
second one gets through.
I think it might be some setting with the 3DES, AES and the hash 
algorithms. The Fritz!Box excepts just a few and they have to match on 
both sides, but sadly the manufacturer AVM does not disclose them properly.

Nevertheless, thank you again for your replies.


Diese E-Mail und eventuelle Anlagen können vertrauliche und/oder 
rechtlich geschützte Informationen enthalten. Wenn Sie nicht der 
richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, 
informieren Sie bitte sofort den Absender und vernichten Sie diese 
E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser 
E-Mail sind nicht gestattet.

This e-mail and any attachments may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail in error) please notify the sender immediately and 
destroy this e-mail. Any unauthorized copying, disclosure or 
distribution of the material in this e-mail is strictly forbidden.