1. Yes, the masks are /22 for the internal LAN.
2. I should have checked the ipfstat. I have another unit that connects fine to OpenBSD and I was
wondering why it was working without the rules. I have deleted the extra UDP/ESP rules. Thanks.
3. Yes, I can ping the LAN host using "ping -S 172.16.100.22 -c 10 172.16.40.23" from exec.php.
And now it works.
Note: This is a backup circuit for a Frame Relay connection.
Shouldn't this connection be permanent or will it only come up when there is traffic?
Why did ping wake it up?
From: Vincent Fleuranceau [mailto:vincent at bikost dot com]
Sent: Friday, July 23, 2004 7:00 AM
To: Kevin Roosdahl
Subject: Re: [m0n0wall] Problem setting up IPSec between two Soekris net4501 running m0n0wall 1.0
1° - Verify the netmask, in particular the /22 one; the "standard"
value is /24.
2° - You don't need to set up specific filter rules for IPSec because m0n0wall takes care of that
for you. Idem for routing.
3° - Try to ping some remote host from a LAN host, or even go to exec.php and type:
ping -S <LAN_IP> -c10 <LAN_IP_ON_OTHER_END_OF_TUNNEL>
Note: the tunnel may take 5 seconds to establish, maybe up to 60 seconds if it has to clean expired
Please let me know if it works.
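A check for points 1 and 3 above, added here as an example and not part of the original thread: it computes the network address for a given prefix length and reports whether a ping -S source/destination pair matches the IPsec phase-2 selectors (source inside the local LAN, destination inside the remote LAN), which is what makes the packet "interesting traffic" that brings the tunnel up. The two hosts and the /22 mask come from the thread; the remote 172.16.40.0/24 selector and the /16 misconfiguration case are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Checks whether a ping -S
# source/destination pair matches the IPsec phase-2 selectors, i.e. whether
# the packet will be handed to the tunnel at all.

# Dotted quad -> 32-bit integer.
ip2int() {
  _ifs=$IFS; IFS=.
  set -- $1
  IFS=$_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network address (as integer) of IP with the given prefix length.
net_of() {
  _mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
  echo $(( $(ip2int "$1") & _mask ))
}

# in_subnet IP NET/PREFIX -> success if IP lies inside NET/PREFIX.
in_subnet() {
  _net=${2%/*}; _p=${2#*/}
  [ "$(net_of "$1" "$_p")" -eq "$(net_of "$_net" "$_p")" ]
}

# tunnel_path SRC DST LOCAL_NET REMOTE_NET
#   tunnel : SRC in LOCAL_NET and DST in REMOTE_NET (IPsec will see it)
#   local  : DST also falls inside LOCAL_NET (mask too wide, never leaves LAN)
#   none   : SRC outside LOCAL_NET or DST matches no selector
tunnel_path() {
  in_subnet "$1" "$3" || { echo none; return 0; }
  if in_subnet "$2" "$3"; then echo local
  elif in_subnet "$2" "$4"; then echo tunnel
  else echo none
  fi
}

# Hosts and /22 mask from the thread; the remote /24 is an assumption.
echo "/22 local net: $(tunnel_path 172.16.100.22 172.16.40.23 172.16.100.0/22 172.16.40.0/24)"
# Constructed misconfiguration: a /16 on the local side swallows the remote LAN,
# so the ping is treated as local traffic and the tunnel never comes up.
echo "/16 local net: $(tunnel_path 172.16.100.22 172.16.40.23 172.16.0.0/16 172.16.40.0/24)"
```

The source address matters as much as the mask: a ping sourced from the WAN address instead of a LAN_IP falls outside the local selector and reports "none".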