On 08.05.2004 17:29 -0400, Jean-Francois Theroux wrote:
> I'm trying to establish an IPsec tunnel between 2 m0n0 boxes.
> Here's the setup I have:
>
> m0n0-1 ----------- Internet ----------- m0n0-2
> 172.16.3.x/24                           10.0.0.0/8
> 216.58.x.x                              69.28.x.x
>
> So, the tunnel seems to be established.
> But on the m0n0-2 side, here's what I have in the diagnostics/ipsec
> section:
>
>
> Source         Destination    Protocol  SPI       Enc. alg.  Auth. alg.
> 10.0.0.1       216.58.29.149  ESP       0f47cf71  3des-cbc   hmac-md5
> 216.58.29.149  10.0.0.1       ESP       03b28200  3des-cbc   hmac-md5
>
> I don't get this one. Does anyone know how to fix it? Because I can't
> ping across the tunnel. I know I should have both public IPs there.
> Just don't know why I don't get them.
Just for the archives: this problem was caused by user-added NAT
rules for IKE (UDP 500) to m0n0wall's LAN IP address, which obviously
had no point being there. Removing them cured the problem.
- Manuel
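
Added example, not part of the original thread and not m0n0wall code: a small check that parses a security association listing in the column layout quoted above and reports any ESP SA whose endpoint is an RFC 1918 address, the symptom described in this thread. The function names and the second sample listing (which uses documentation addresses) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: an ESP SA between two Internet-facing gateways
# should not terminate on an address inside any of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The two SA rows quoted in the post above.
SAD_FROM_POST = """\
Source Destination Protocol SPI Enc. alg. Auth. alg.
10.0.0.1 216.58.29.149 ESP 0f47cf71 3des-cbc hmac-md5
216.58.29.149 10.0.0.1 ESP 03b28200 3des-cbc hmac-md5
"""

# Constructed sample: both endpoints are non-private (documentation
# addresses and made-up SPIs, not values from the thread).
SAD_CONSTRUCTED_OK = """\
Source Destination Protocol SPI Enc. alg. Auth. alg.
203.0.113.10 198.51.100.20 ESP 0a0b0c0d 3des-cbc hmac-md5
198.51.100.20 203.0.113.10 ESP 0d0c0b0a 3des-cbc hmac-md5
"""

def parse_sad(text):
    """Yield (src, dst, spi) per SA row; header and short lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # header row or anything that is not an address pair
        yield src, dst, fields[3]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def suspicious_sas(text):
    """Return (spi, role, address) for every SA endpoint in private space."""
    findings = []
    for src, dst, spi in parse_sad(text):
        for role, addr in (("source", src), ("destination", dst)):
            if is_rfc1918(addr):
                findings.append((spi, role, str(addr)))
    return findings

if __name__ == "__main__":
    for spi, role, addr in suspicious_sas(SAD_FROM_POST):
        print(f"SPI {spi}: {role} {addr} is private; review NAT rules for UDP 500")
```

A finding here only points at the symptom; the cause reported in this thread was a NAT rule for IKE (UDP 500) pointing at the firewall's LAN address.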