 From:  "Brian Buys" <bbuys at tritel dot com>
 To:  "Fred Wright" <fw at well dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC VPN problem on 1.1
 Date:  Fri, 27 Aug 2004 12:15:05 -0600
Thank you for the correction.  When I initially set up my IPSEC on m0n0, I
thought I had read that I needed to explicitly allow the authentication in a
firewall rule.  Since that is apparently not the case, I'll have to go back
and remove them.  Of course, had I read the log that he posted originally, I
would not have misdiagnosed it in the first place ;)

Cheers,

Brian

----- Original Message ----- 
From: "Fred Wright" <fw at well dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, August 27, 2004 12:06 AM
Subject: Re: [m0n0wall] IPSEC VPN problem on 1.1


>
>
> On Wed, 25 Aug 2004, Dana Spiegel wrote:
>
> > My understanding is that the m0n0wall ipsec server takes care of this
> > automatically, and it doesn't need to be added to the firewall by hand.
>
> Yes, though it's actually the rule generator, not the "IPsec server" that
> does this.  In fact, it allows all three cases (UDP 500, ESP, and AH) on
> all interfaces, whether needed or not. :-)
>
> But apparently your real problem is fixed.
>
> > On Aug 25, 2004, at 6:52 PM, Brian Buys wrote:
> >
> > > Hello!  You may want to check your firewall rules, and make sure that you
> > > have allowed ESP protocol on port 500 so that the authentication can occur.
> > > Perhaps check your firewall logs and see if it is being blocked.
>
> Actually, it's *UDP* port 500 for IKE, and ESP for the actual IPsec.
>
> Fred Wright