 From:  Curt Shaffer <curt at chilitech dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSec continued
 Date:  Fri, 2 Apr 2004 08:54:03 -0500
OK,

Starting out the day fresh. I have two m0n0wall units for testing: 
m0n0wall A with the internal IP of 10.0.0.1 and the external IP of 
10.200.1.2. I made sure that the check box was marked not to block private 
networks. On the second unit, m0n0wall B, I have the internal IP as 
192.168.0.1 and the external as 10.200.1.1, again making sure that it 
was not blocking private blocks.

The VPN is set up on both as follows:

m0n0wall A

Interface: WAN
Local Subnet: LAN Subnet
Remote Subnet: 192.168.0.0/24
Remote Gateway: 10.200.1.1
Description: m0n0wall A
Negotiation: aggressive
My Identifier: chilitest.com
Encryption Alg.: Blowfish
Hash Alg: SHA1
DH Key Group: 2
Lifetime: 28800
Pre-shared key: chilitech!
Protocol: ESP
Encryption Algs.: Blowfish
Hash Algs: SHA1
PFS Key Group: 2
Lifetime: 86400

m0n0wall B

Interface: WAN
Local Subnet: LAN Subnet
Remote Subnet: 10.0.0.0/8
Remote Gateway: 10.200.1.2
Description: m0n0wall B
Negotiation: aggressive
My Identifier: chilitest.com
Encryption Alg.: Blowfish
Hash Alg: SHA1
DH Key Group: 2
Lifetime: 28800
Pre-shared key: chilitech!
Protocol: ESP
Encryption Algs.: Blowfish
Hash Algs: SHA1
PFS Key Group: 2
Lifetime: 86400

The firewall rules are as follows:

m0n0wall A

WAN Interface

proto: ESP
Source: *
Port: *
Destination: *
Port: *
Description: Allow ESP for VPN IPSec

LAN Interface

proto: *
Source: *
Port: *
Destination: *
Port: *
Description: Default LAN->any

m0n0wall B

WAN Interface

proto: ESP
Source: *
Port: *
Destination: *
Port: *
Description: Allow ESP for VPN IPSec

LAN Interface

proto: *
Source: *
Port: *
Destination: *
Port: *
Description: Default LAN->any

DHCP is enabled on both.

Am I being stupid here, or should this setup work? I have a laptop on 
either end of both m0n0wall boxes, with crossover cables from laptop to 
m0n0 and m0n0 to m0n0, and cannot connect one to the other via any 
protocol. On the diagnostics tab for IPsec, SAD has nothing and SPD 
reflects the IPsec settings that I entered on both firewalls. I do not 
feel that I have not taken any time to get this right; I have been 
working on it for almost 6 hours now. I am getting close, I can smell 
it! Can anyone help?!

Thanks again and a million!

Curt Shaffer
Wireless/Network Specialist
Chilitech Internet Solutions
1-800-866-chili
www.chilitech.com
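A site-to-site IPsec tunnel only comes up when the two ends describe the same tunnel from opposite sides: each end's remote gateway must be the other end's WAN address, each end's Phase 2 remote subnet must equal the other end's local subnet, and the pre-shared key, negotiation mode and proposals must match. The script below is an added example (not from the post above, and not m0n0wall code) that encodes those symmetry rules and runs them over the two configurations from the post, transcribed into Python dicts. The netmask of m0n0wall A's LAN is an assumption: the post gives only the address 10.0.0.1, so /24 is used here.

```python
"""Symmetry check for a pair of site-to-site IPsec endpoint configurations.

Added example; the SITE_A / SITE_B dicts are transcribed from the
mailing-list post above, except that m0n0wall A's LAN mask (/24) is assumed.
"""
import ipaddress


def net(cidr):
    """Parse a CIDR string; strict=False tolerates host bits in the prefix."""
    return ipaddress.ip_network(cidr, strict=False)


SITE_A = {
    "name": "m0n0wall A",
    "wan_ip": "10.200.1.2",
    "local_subnet": "10.0.0.0/24",       # assumed mask; LAN address is 10.0.0.1
    "remote_subnet": "192.168.0.0/24",
    "remote_gateway": "10.200.1.1",
    "mode": "aggressive",
    "psk": "chilitech!",
    "phase1": ("blowfish", "sha1", 2, 28800),
    "phase2": ("esp", "blowfish", "sha1", 2, 86400),
}

SITE_B = {
    "name": "m0n0wall B",
    "wan_ip": "10.200.1.1",
    "local_subnet": "192.168.0.0/24",
    "remote_subnet": "10.0.0.0/8",
    "remote_gateway": "10.200.1.2",
    "mode": "aggressive",
    "psk": "chilitech!",
    "phase1": ("blowfish", "sha1", 2, 28800),
    "phase2": ("esp", "blowfish", "sha1", 2, 86400),
}


def check_pair(a, b):
    """Return a list of human-readable mismatches between two endpoints.

    An empty list means the two configurations mirror each other.
    """
    problems = []
    for x, y in ((a, b), (b, a)):
        # The address we dial must be the peer's WAN address.
        if ipaddress.ip_address(x["remote_gateway"]) != ipaddress.ip_address(y["wan_ip"]):
            problems.append(
                f"{x['name']}: remote gateway {x['remote_gateway']} is not "
                f"{y['name']}'s WAN address {y['wan_ip']}"
            )
        # Phase 2 selectors must mirror each other exactly, not merely overlap:
        # a /8 on one side and a /24 on the other are different proposals.
        if net(x["remote_subnet"]) != net(y["local_subnet"]):
            problems.append(
                f"{x['name']}: remote subnet {x['remote_subnet']} != "
                f"{y['name']} local subnet {y['local_subnet']}"
            )
        # A remote subnet that contains the peer's own WAN address would put
        # the IKE/ESP packets to that peer inside the tunnel policy itself.
        if ipaddress.ip_address(x["remote_gateway"]) in net(x["remote_subnet"]):
            problems.append(
                f"{x['name']}: remote gateway {x['remote_gateway']} lies inside "
                f"remote subnet {x['remote_subnet']}"
            )
    # Everything negotiated must be identical on both ends.
    for key in ("mode", "psk", "phase1", "phase2"):
        if a[key] != b[key]:
            problems.append(f"{key} differs: {a[key]!r} vs {b[key]!r}")
    return problems


def check_as_posted():
    """Run the check on the two endpoints exactly as transcribed."""
    return check_pair(SITE_A, SITE_B)


def check_with_mirrored_subnet():
    """Same check with B's remote subnet set to mirror A's local subnet."""
    site_b_fixed = dict(SITE_B, remote_subnet=SITE_A["local_subnet"])
    return check_pair(SITE_A, site_b_fixed)


if __name__ == "__main__":
    for line in check_as_posted():
        print("MISMATCH:", line)
    print("after mirroring subnets:", check_with_mirrored_subnet() or "no mismatches")
```

With the /24 assumption, the check reports two findings for the pair as posted, both on m0n0wall B's side: its remote subnet 10.0.0.0/8 does not equal A's local subnet 10.0.0.0/24, and that /8 also contains A's WAN address 10.200.1.2. Setting B's remote subnet to mirror A's local subnet clears both. The dicts are a simplified model of the m0n0wall form fields; the check says nothing about firewall rules or identifiers, which are matched by other means.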