 From:  friscom at tin dot it
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  "Terry Miller" <terry at millfam dot org>
 Subject:  RE: [m0n0wall] Error messages on an IPSec VPN - more details
 Date:  Mon, 6 Sep 2004 15:35:53 +0200

Terry and others,
I understand I had better specify my configurations in more detail.
Basic HW is 2 Soekris 4501 boxes with m0n0wall 1.0 installed.

Such hw includes 3 ethernet ports each, named: eth0 (sis0), eth1(sis1),...

I configured it in the following manner:
FW1                        FW2
eth0 (LAN)-192.168.1.22    eth0 (LAN)-192.168.2.24
eth1 (OPT)-176.20.0.22     eth1 (OPT)-176.20.0.24
eth2 (WAN)-10.0.0.22       eth2 (WAN)-10.0.0.24

There is a crosscable between the two OPT interfaces.

Both configurations use the following IPSec settings:
Interface 	OPT (both)
Local Subnet 	LAN (both)
Remote subnet	192.168.2.0/24	192.168.1.0/24
Remote gateway	176.20.0.24	176.20.0.22

Phase 1
Negotiation-	aggressive
My identifier- 	(My address)
Encryption- 	3DES
hash-		MD5
DH key - 	type 5
PSK-		testVPN
lifetime-	28800

Phase 2
Protocol-	ESP
Encryption-	AES
hash-		MD5
PFS key group-	off
lifetime-	86400

Identifier: two (different and) valid email addresses
Preshared keys: different per each configuration
		mono1VPN	mono2VPN	

The SPD reports the correct configuration for the VPN tunnel as per above
The SAD err message is: "No IPsec security association"

Thanks to everyone willing to share their knowledge
Francesco