 
 From:  "Terry Miller" <terry at millfam dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Error messages on an IPSec VPN - more details
 Date:  Mon, 6 Sep 2004 09:57:54 -0500
Change the preshared keys to be the same on both machines. 

-----Original Message-----
From: friscom at tin dot it [mailto:friscom at tin dot it] 
Sent: Monday, September 06, 2004 8:36 AM
To: m0n0wall at lists dot m0n0 dot ch
Cc: Terry Miller
Subject: RE: [m0n0wall] Error messages on an IPSec VPN - more details


Terry and others,
I understand I had better specify my configurations in more detail. Basic HW
is 2 Soekris 4501 boxes with m0n0wall 1.0 installed.

Such hw includes 3 ethernet ports each, named: eth0 (sis0), eth1(sis1),...

I configured it in the following manner:
FW1                         FW2
eth0 (LAN)-192.168.1.22     eth0 (LAN)-192.168.2.24
eth1 (OPT)-176.20.0.22      eth1 (OPT)-176.20.0.24
eth2 (WAN)-10.0.0.22        eth2 (WAN)-10.0.0.24

There is a crosscable between the two OPT interfaces.

Both configurations use the following IPSec settings:
Interface       OPT (both)
Local Subnet    LAN (both)
Remote subnet   192.168.2.0/24  192.168.1.0/24
Remote gateway  176.20.0.24     176.20.0.22

Phase 1
Negotiation-	aggressive
My identifier- 	(My address)
Encryption- 	3DES
hash-		MD5
DH key - 	type 5
PSK-		testVPN
lifetime-	28800

Phase 2
Protocol-	ESP
Encryption-	AES
hash-		MD5
PFS key group-	off
lifetime-	86400

Identifier: two (different and) valid email addresses
Preshared keys: different per each configuration
		mono1VPN	mono2VPN	

The SPD reports the correct configuration for the VPN tunnel as per above
The SAD err message is: "No IPsec security association"

Thanks to everyone willing to share their knowledge
Francesco
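
Added example, not part of the original thread or of m0n0wall: a small Python check that mirrors the two posted configurations against each other and reports where they disagree. The dict layout, field names and `check_pair` are hypothetical, the /24 local subnets are inferred from the posted remote subnets, and it assumes `mono1VPN` / `mono2VPN` are the keys each box actually uses for the tunnel.

```python
import hmac
from ipaddress import ip_address, ip_network

# Constructed from the settings posted in the thread. The dict layout and
# field names are hypothetical (not m0n0wall's config format), and the /24
# local subnets are inferred from each peer's "Remote subnet" entry.
FW1 = {
    "tunnel_addr": "176.20.0.22", "local_subnet": "192.168.1.0/24",
    "remote_gateway": "176.20.0.24", "remote_subnet": "192.168.2.0/24",
    "phase1": ("aggressive", "3DES", "MD5", 5, 28800),
    "phase2": ("ESP", "AES", "MD5", "off", 86400),
    "preshared_key": "mono1VPN",
}
FW2 = {
    "tunnel_addr": "176.20.0.24", "local_subnet": "192.168.2.0/24",
    "remote_gateway": "176.20.0.22", "remote_subnet": "192.168.1.0/24",
    "phase1": ("aggressive", "3DES", "MD5", 5, 28800),
    "phase2": ("ESP", "AES", "MD5", "off", 86400),
    "preshared_key": "mono2VPN",
}


def check_pair(a, b, names=("FW1", "FW2")):
    """Return the settings on which the two tunnel endpoints disagree."""
    problems = []
    for x, y, nx, ny in ((a, b, *names), (b, a, *reversed(names))):
        # Each side must point at the other's tunnel (OPT) address ...
        if ip_address(x["remote_gateway"]) != ip_address(y["tunnel_addr"]):
            problems.append(f"{nx}: remote gateway is not {ny}'s address")
        # ... and name the other's local subnet as its remote subnet.
        if ip_network(x["remote_subnet"]) != ip_network(y["local_subnet"]):
            problems.append(f"{nx}: remote subnet is not {ny}'s local subnet")
    for phase in ("phase1", "phase2"):
        if a[phase] != b[phase]:
            problems.append(f"{phase} settings differ")
    # Compare keys in constant time and never echo them into the report.
    if not hmac.compare_digest(a["preshared_key"].encode(),
                               b["preshared_key"].encode()):
        problems.append("preshared keys differ")
    return problems


if __name__ == "__main__":
    for line in check_pair(FW1, FW2) or ["no mismatches found"]:
        print(line)
```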

