 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC VPN problem on 1.1
 Date:  Thu, 26 Aug 2004 23:06:14 -0700 (PDT)
On Wed, 25 Aug 2004, Dana Spiegel wrote:

> My understanding is that the m0n0wall ipsec server takes care of this 
> automatically, and it doesn't need to be added to the firewall by hand.

Yes, though it's actually the rule generator, not the "IPsec server" that
does this.  In fact, it allows all three cases (UDP 500, ESP, and AH) on
all interfaces, whether needed or not. :-)

But apparently your real problem is fixed.

> On Aug 25, 2004, at 6:52 PM, Brian Buys wrote:
> 
> > Hello!  You may want to check your firewall rules, and make sure that
> > you have allowed ESP protocol on port 500 so that the authentication
> > can occur.
> > Perhaps check your firewall logs and see if it is being blocked.

Actually, it's *UDP* port 500 for IKE, and ESP for the actual IPsec.

					Fred Wright