 From:  The Wandering Dru <dru at druswanderings dot net>
 To:  Curt Shaffer <curt at chilitech dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec continued
 Date:  Fri, 02 Apr 2004 10:29:45 -0600

Curt Shaffer wrote:
| OK,
|
| Starting out the day fresh. I have two m0n0wall units for testing.
| m0n0wall A with the internal IP of 10.0.0.1 and the external IP of
| 10.200.1.2. I made sure that that check was marked not to block private
| networks. On the second unit, m0n0wall B, I have the internal IP as
| 192.168.0.1 and the external as 10.200.1.1, again making sure that it was
| not blocking private blocks.
|
| The VPN is set up on both as follows:
|
| m0n0wall A
|
| Interface: WAN
| Local Subnet: LAN Subnet
| Remote Subnet: 192.168.0.0/24
| Remote Gateway: 10.200.1.1
| Description: m0n0wall A
| Negotiation: aggressive
| My Identifier: chilitest.com
| Encryption Alg.: Blowfish
| Hash Alg: SHA1
| DH Key Group: 2
| Lifetime: 28800
| Pre-shared key: chilitech!
| Protocol: ESP
| Encryption Algs.: Blowfish
| Hash Algs: SHA1
| PFS Key Group: 2
| Lifetime: 86400
|
| m0n0wall B
|
| Interface: WAN
| Local Subnet: LAN Subnet
| Remote Subnet: 10.0.0.0/8
| Remote Gateway: 10.200.1.2
| Description: m0n0wall B
| Negotiation: aggressive
| My Identifier: chilitest.com
| Encryption Alg.: Blowfish
| Hash Alg: SHA1
| DH Key Group: 2
| Lifetime: 28800
| Pre-shared key: chilitech!
| Protocol: ESP
| Encryption Algs.: Blowfish
| Hash Algs: SHA1
| PFS Key Group: 2
| Lifetime: 86400
|

<snipped rules>


It may be nothing, but I noticed your Remote Subnet setting on m0n0 B
includes the gateway IPs of both boxes.  Try making it smaller, say
10.0.0.0/16.

I'm no expert in IPSEC but I do know it's working between my home and
work (m0n0wall in both places).

- --
The Wandering Dru             GnuPG Key: 0x506A915F
http://www.druswanderings.net

Get nifty TCLUG merchandise at the TCLUG Store!
http://www.cafeshops.com/tclug
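
The overlap pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original message or of m0n0wall: it tests whether each tunnel's Remote Subnet contains either box's WAN address, using the addresses from the quoted configuration. The function names and the dictionary layout are assumptions made for the illustration.

```python
import ipaddress

# Addresses copied from the quoted configuration; the dict layout is illustrative.
TUNNELS = {
    "m0n0wall A": {"remote_subnet": "192.168.0.0/24",
                   "local_wan": "10.200.1.2", "remote_gateway": "10.200.1.1"},
    "m0n0wall B": {"remote_subnet": "10.0.0.0/8",
                   "local_wan": "10.200.1.1", "remote_gateway": "10.200.1.2"},
}


def gateways_inside(remote_subnet, gateways):
    """Return the gateway addresses that fall inside the tunnel's remote subnet."""
    net = ipaddress.ip_network(remote_subnet, strict=True)
    return [gw for gw in gateways if ipaddress.ip_address(gw) in net]


def audit(tunnels):
    """Map each tunnel name to the WAN/gateway addresses its remote subnet covers."""
    return {
        name: gateways_inside(t["remote_subnet"],
                              [t["local_wan"], t["remote_gateway"]])
        for name, t in tunnels.items()
    }


def proposal_ok(remote_subnet, peer_lan_ip, gateways):
    """True if the subnet still covers the peer's LAN address but no gateway.

    Only the peer's LAN address (not its netmask) is on the page, so this
    confirms coverage of that one address, not of the whole remote LAN.
    """
    net = ipaddress.ip_network(remote_subnet, strict=True)
    covers_lan = ipaddress.ip_address(peer_lan_ip) in net
    return covers_lan and not gateways_inside(remote_subnet, gateways)


if __name__ == "__main__":
    for name, hits in audit(TUNNELS).items():
        status = "covers gateways " + ", ".join(hits) if hits else "no overlap"
        print(f"{name}: {status}")
    wan = ["10.200.1.1", "10.200.1.2"]
    for candidate in ("10.0.0.0/8", "10.0.0.0/16"):
        print(candidate, "usable on B:", proposal_ok(candidate, "10.0.0.1", wan))
```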