-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Curt Shaffer wrote:
| OK,
|
| Starting out the day fresh. I have two m0n0wall units for testing.
| m0n0wall A with the internal IP of 10.0.0.1 and the external IP of
| 10.200.1.2. I made sure that that check was marked not to block private
| networks. On the second unit, m0n0wall B, I have the internal IP as
| 192.168.0.1 and the external as 10.200.1.1, again making sure that it was
| not blocking private blocks.
|
| The VPN is set up on both as follows:
|
| m0n0wall A
|
| Interface: WAN
| Local Subnet: LAN Subnet
| Remote Subnet: 192.168.0.0/24
| Remote Gateway: 10.200.1.1
| Description: m0n0wall A
| Negotiation: aggressive
| My Identifier: chilitest.com
| Encryption Alg.: Blowfish
| Hash Alg: SHA1
| DH Key Group: 2
| Lifetime: 28800
| Pre-shared key: chilitech!
| Protocol: ESP
| Encryption Algs.: Blowfish
| Hash Algs: SHA1
| PFS Key Group: 2
| Lifetime: 86400
|
| m0n0wall B
|
| Interface: WAN
| Local Subnet: LAN Subnet
| Remote Subnet: 10.0.0.0/8
| Remote Gateway: 10.200.1.2
| Description: m0n0wall B
| Negotiation: aggressive
| My Identifier: chilitest.com
| Encryption Alg.: Blowfish
| Hash Alg: SHA1
| DH Key Group: 2
| Lifetime: 28800
| Pre-shared key: chilitech!
| Protocol: ESP
| Encryption Algs.: Blowfish
| Hash Algs: SHA1
| PFS Key Group: 2
| Lifetime: 86400
| <snipped rules>

It may be nothing, but I noticed your Remote Subnet setting on m0n0 B
includes the gateway IPs of both boxes. Try making it smaller, say
10.0.0.0/16. I'm no expert in IPSEC but I do know it's working between
my home and work (m0n0wall in both places).

- --
The Wandering Dru
GnuPG Key: 0x506A915F
http://www.druswanderings.net

Get nifty TCLUG merchandise at the TCLUG Store!
http://www.cafeshops.com/tclug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAbZT5iwhv4FBqkV8RAkxfAKC98yNXMt8zzqS8OBAEXAe2z1a4EACeM/vp
S3DlOS8SFutKQz1nDki4GrQ=
=bYvF
-----END PGP SIGNATURE-----
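The overlap pointed out in the reply can be checked mechanically. The following is an added example, not part of the original message or of m0n0wall: it takes the addresses posted in the thread, reports which tunnel endpoints fall inside each Remote Subnet, and finds the widest subnet that still covers the peer LAN without them. The dictionary layout, the `peer_lan` field and the function names are assumptions made for this example.

```python
import ipaddress

# Tunnel settings as posted in the thread; the dict layout is this example's own.
# "peer_lan" is the LAN address of the box on the far side of the tunnel.
TUNNELS = {
    "m0n0wall A": {"wan": "10.200.1.2", "remote_gateway": "10.200.1.1",
                   "remote_subnet": "192.168.0.0/24", "peer_lan": "192.168.0.1"},
    "m0n0wall B": {"wan": "10.200.1.1", "remote_gateway": "10.200.1.2",
                   "remote_subnet": "10.0.0.0/8", "peer_lan": "10.0.0.1"},
}
ENDPOINT_ROLES = ("wan", "remote_gateway")


def gateways_inside_remote_subnet(tunnel):
    """Return (role, address) for each tunnel endpoint covered by the remote subnet."""
    net = ipaddress.ip_network(tunnel["remote_subnet"], strict=True)
    return [(role, tunnel[role]) for role in ENDPOINT_ROLES
            if ipaddress.ip_address(tunnel[role]) in net]


def widest_safe_subnet(tunnel):
    """Widest subnet inside remote_subnet that holds peer_lan but no tunnel endpoint."""
    net = ipaddress.ip_network(tunnel["remote_subnet"], strict=True)
    endpoints = [ipaddress.ip_address(tunnel[role]) for role in ENDPOINT_ROLES]
    # Lengthen the prefix one bit at a time, always keeping the peer LAN address inside.
    for prefixlen in range(net.prefixlen, net.max_prefixlen + 1):
        candidate = ipaddress.ip_network(f"{tunnel['peer_lan']}/{prefixlen}", strict=False)
        if not any(ep in candidate for ep in endpoints):
            return candidate
    return None  # peer LAN address is itself a tunnel endpoint


def report(tunnels):
    """Build one summary line per tunnel."""
    lines = []
    for name, tunnel in tunnels.items():
        hits = gateways_inside_remote_subnet(tunnel)
        if hits:
            covered = ", ".join(f"{role}={addr}" for role, addr in hits)
            lines.append(f"{name}: {tunnel['remote_subnet']} covers {covered}; "
                         f"widest subnet without them: {widest_safe_subnet(tunnel)}")
        else:
            lines.append(f"{name}: {tunnel['remote_subnet']} covers no tunnel endpoint")
    return lines


if __name__ == "__main__":
    print("\n".join(report(TUNNELS)))
```

Any prefix at least as long as the one reported keeps both gateway addresses outside the Remote Subnet, which includes the 10.0.0.0/16 suggested in the reply.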