Thank you for the correction. When I initially set up my IPSEC on m0n0, I thought I had read that I needed to explicitly allow the authentication in a firewall rule. Since that is apparently not the case, I'll have to go back and remove them. Of course, had I read the log that he posted originally, I would not have mis-diagnosed it in the first place ;)

Cheers,
Brian

----- Original Message -----
From: "Fred Wright" <fw at well dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, August 27, 2004 12:06 AM
Subject: Re: [m0n0wall] IPSEC VPN problem on 1.1

> On Wed, 25 Aug 2004, Dana Spiegel wrote:
>
> > My understanding is that the m0n0wall ipsec server takes care of this
> > automatically, and it doesn't need to be added to the firewall by hand.
>
> Yes, though it's actually the rule generator, not the "IPsec server" that
> does this. In fact, it allows all three cases (UDP 500, ESP, and AH) on
> all interfaces, whether needed or not. :-)
>
> But apparently your real problem is fixed.
>
> > On Aug 25, 2004, at 6:52 PM, Brian Buys wrote:
> >
> > > Hello! You may want to check your firewall rules, and make sure that
> > > you have allowed ESP protocol on port 500 so that the authentication
> > > can occur.
> > > Perhaps check your firewall logs and see if it is being blocked.
>
> Actually, it's *UDP* port 500 for IKE, and ESP for the actual IPsec.
>
> Fred Wright