On 08.05.2004 17:29 -0400, Jean-Francois Theroux wrote:
> I'm trying to establish a IPsec tunnel between 2 m0n0 boxes.
> Here's the setup i have:
> m0n0-1 ----------- Internet ----------- m0n0-2
> 172.16.3.x/24 10.0.0.0/8
> 216.58.x.x 69.28.x.x
> So, the tunnel is established seems to be established.
> But on the m0n0-2 side, here's what I have in the diagnostics/ipsec
> Source Destination Protocol SPI Enc. alg. Auth. alg.
> 10.0.0.1 220.127.116.11 ESP 0f47cf71 3des-cbc hmac-md5
> 18.104.22.168 10.0.0.1 ESP 03b28200 3des-cbc hmac-md5
> I don't get this one. Anyone knows how to fix it? Because I can't
> ping across the tunnel. I know I should have both public IPs there.
> Just don't know why I don't get them.
Just for the archives: this problem was caused by user-added NAT
rules for IKE (UDP 500) to m0n0wall's LAN IP address, which obviously
had no point being there. Removing them cured the problem.