[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ipsec tunnel problems
 Date:  Tue, 11 May 2004 16:53:13 +0200
On 08.05.2004 17:29 -0400, Jean-Francois Theroux wrote:

> 	I'm trying to establish a IPsec tunnel between 2 m0n0 boxes.
> Here's the setup i have:
> 
> m0n0-1 ----------- Internet ----------- m0n0-2
> 172.16.3.x/24                           10.0.0.0/8
> 216.58.x.x                              69.28.x.x
> 
> So, the tunnel is established seems to be established.
> But on the m0n0-2 side, here's what I have in the diagnostics/ipsec
> section:
> 
> 
> Source        Destination   Protocol SPI      Enc. alg. Auth. alg.
> 10.0.0.1      216.58.29.149 ESP      0f47cf71 3des-cbc  hmac-md5
> 216.58.29.149 10.0.0.1      ESP      03b28200 3des-cbc  hmac-md5
> 
> I don't get this one. Anyone knows how to fix it? Because I can't
> ping across the tunnel. I know I should have both public IPs there.
> Just don't know why I don't get them.

Just for the archives: this problem was caused by user-added NAT
rules for IKE (UDP 500) to m0n0wall's LAN IP address, which obviously
had no point being there. Removing them cured the problem.

- Manuel