 From:  "Brian" <mono at ricerage dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec continued
 Date:  Fri, 2 Apr 2004 11:00:05 -0500 (EST)
I'm posting while reading your mail, so my apologies if I sound a bit
disjointed.

You've tried pinging the opposite external IPs via the webguis, just to
test IP, right? Also, you don't need to specify allow rules for ESP and
AH, it'll be taken care of automatically. That said, the configs APPEAR to
be good.

 Brian

> OK,
>
> Starting out the day fresh. I have two m0n0wall units for testing.
> m0n0wall A with the internal IP of 10.0.0.1 and the external ip of
> 10.200.1.2. I made sure that that check was marked not to block private
> networks. on the second unit m0n0wall B I have the internal IP as
> 192.168.0.1 and the external as 10.200.1.1 again making sure that it
> was not blocking private blocks.
>
> The VPN is set up on both as follows:
>
> m0n0wall A
>
> Interface: WAN
> Local Subnet: LAN Subnet
> Remote Subnet: 192.168.0.0/24
> Remote Gateway: 10.200.1.1
> Description: m0n0wall A
> Negotiation: aggressive
> My Identifier: chilitest.com
> Encryption Alg.: Blowfish
> Hash Alg: SHA1
> DH Key Group: 2
> Lifetime: 28800
> Pre-shared key: chilitech!
> Protocol: ESP
> Encryption Algs.: Blowfish
> Hash Algs: SHA1
> PFS Key Group: 2
> Lifetime: 86400
>
> m0n0wall B
>
> Interface: WAN
> Local Subnet: LAN Subnet
> Remote Subnet: 10.0.0.0/8
> Remote Gateway: 10.200.1.2
> Description: m0n0wall B
> Negotiation: aggressive
> My Identifier: chilitest.com
> Encryption Alg.: Blowfish
> Hash Alg: SHA1
> DH Key Group: 2
> Lifetime: 28800
> Pre-shared key: chilitech!
> Protocol: ESP
> Encryption Algs.: Blowfish
> Hash Algs: SHA1
> PFS Key Group: 2
> Lifetime: 86400
>
> The firewall rules are as follows:
>
> m0n0wall A
>
> WAN Interface
>
> proto: ESP
> Source: *
> Port: *
> Destination: *
> Port: *
> Description: Allow ESP for VPN IPSec
>
> LAN Interface
>
> proto: *
> Source: *
> Port: *
> Destination: *
> Port: *
> Description: Default LAN->any
>
> m0n0wall A
>
> WAN Interface
>
> proto: ESP
> Source: *
> Port: *
> Destination: *
> Port: *
> Description: Allow ESP for VPN IPSec
>
> LAN Interface
>
> proto: *
> Source: *
> Port: *
> Destination: *
> Port: *
> Description: Default LAN->any
>
> DHCP is enabled on both.
>
> Am I being stupid here or should this setup work? I have a laptop on
> either end of both m0n0wall b0xes with cross over cables and from
> laptop to m0n0 and m0n0 to m0n0 and cannot connect one to the other via
> any protocol. On the diagnostics tab for IPSec SAD has nothing and SPD
> reflects the settings of the IPSec that I entered respective of both
> firewalls. I do not feel that I have not taken any time to get this
> right, I have been working on it for almost 6 hours now. I am getting
> close I can smell it! Can anyone help?!
>
> Thanks again and a million!
>
> Curt Shaffer
> Wireless/Network Specialist
> Chilitech Internet Solutions
> 1-800-866-chili
> www.chilitech.com
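An added consistency check over the two VPN definitions quoted above (example code written for this thread, not m0n0wall's own): it mirrors each peer's remote subnet and gateway against the other side, compares proposals and PSK, and warns where a gateway address falls inside a traffic selector. The mail only says "LAN Subnet", so the local prefixes below are assumed to be the ones each peer lists as its remote subnet.

```python
import ipaddress

# Constructed from the two VPN definitions quoted in the mail. The local
# prefixes are ASSUMED (the mail says "LAN Subnet"); they are taken from
# what the opposite peer lists as its remote subnet.
PEERS = {
    "A": {"wan": "10.200.1.2", "local": "10.0.0.0/8", "remote": "192.168.0.0/24",
          "gateway": "10.200.1.1", "psk": "chilitech!",
          "p1": ("aggressive", "blowfish", "sha1", 2, 28800),
          "p2": ("esp", "blowfish", "sha1", 2, 86400)},
    "B": {"wan": "10.200.1.1", "local": "192.168.0.0/24", "remote": "10.0.0.0/8",
          "gateway": "10.200.1.2", "psk": "chilitech!",
          "p1": ("aggressive", "blowfish", "sha1", 2, 28800),
          "p2": ("esp", "blowfish", "sha1", 2, 86400)},
}


def check_pair(a, b):
    """Return a list of (severity, message) for one site-to-site pair."""
    findings = []
    for me, peer, name in ((a, b, "A"), (b, a, "B")):
        # Traffic selectors must mirror: my remote subnet == peer's local subnet.
        if ipaddress.ip_network(me["remote"]) != ipaddress.ip_network(peer["local"]):
            findings.append(("error", f"{name}: remote {me['remote']} != peer local {peer['local']}"))
        # My remote gateway must be the address the peer actually negotiates from.
        if ipaddress.ip_address(me["gateway"]) != ipaddress.ip_address(peer["wan"]):
            findings.append(("error", f"{name}: gateway {me['gateway']} is not peer WAN {peer['wan']}"))
        # A gateway address inside a selector means LAN hosts talking to that
        # WAN address are matched by the tunnel policy instead of plain routing.
        for label in ("local", "remote"):
            net = ipaddress.ip_network(me[label])
            for addr in (me["wan"], me["gateway"]):
                if ipaddress.ip_address(addr) in net:
                    findings.append(("warn", f"{name}: {addr} lies inside {label} subnet {net}"))
    # Phase 1 / phase 2 proposals and the pre-shared key must be identical.
    for key in ("p1", "p2", "psk"):
        if a[key] != b[key]:
            findings.append(("error", f"{key} differs between peers"))
    return findings


if __name__ == "__main__":
    for severity, msg in check_pair(PEERS["A"], PEERS["B"]):
        print(f"[{severity}] {msg}")
```

On the quoted settings this reports no mirroring or proposal errors, only four warnings because both 10.200.1.x WAN addresses sit inside the 10.0.0.0/8 selector.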