Hello,

I am a new user of the m0n0wall and I have a little bit of trouble. I try to connect via IPsec to our office but it doesn't work. In our office we use Astaro Linux Firewall V5 (http://www.astaro.de).

Here are my configurations:

123.123.123.123 --> office public IP (static)
212.1.1.5       --> my public IP (static) (WAN)
192.168.4.0/24  --> local Network
10.10.10.0/24   --> remote Network
192.168.4.254   --> m0n0wall internal IP (LAN)

racoon.conf:

path pre_shared_key "/var/etc/psk.txt";

remote 123.123.123.123 {
        exchange_mode aggressive;
        my_identifier address "212.1.1.5";
        peers_identifier address 123.123.123.123;
        initial_contact on;
        support_proxy on;
        proposal_check obey;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 5;
                lifetime time 7800 secs;
        }
        lifetime time 7800 secs;
}

sainfo address 192.168.4.0/24 any address 10.10.10.0/24 any {
        encryption_algorithm 3des,blowfish,cast128,rijndael;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
        pfs_group 5;
        lifetime time 3600 secs;
}

SPD:

192.168.4.0/24[any] 192.168.4.254[any] any
        in none
        spid=97 seq=3 pid=2582
        refcnt=1
10.10.10.0/24[any] 192.168.4.0/24[any] any
        in ipsec
        esp/tunnel/123.123.123.123-212.1.1.5/unique#16438
        spid=100 seq=2 pid=2582
        refcnt=1
192.168.4.254[any] 192.168.4.0/24[any] any
        out none
        spid=98 seq=1 pid=2582
        refcnt=1
192.168.4.0/24[any] 10.10.10.0/24[any] any
        out ipsec
        esp/tunnel/212.1.1.5-123.123.123/unique#16437
        spid=99 seq=0 pid=2582
        refcnt=1

Systemlog:

Sep 20 12:42:48 eurowall1 racoon: INFO: main.c:172:main(): @(#)package version freebsd-20040617a
Sep 20 12:42:48 eurowall1 racoon: INFO: main.c:174:main(): @(#)internal version 20001216 sakane at kame dot net
Sep 20 12:42:48 eurowall1 racoon: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Sep 20 12:42:48 eurowall1 racoon: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)
Sep 20 12:42:48 eurowall1 racoon: INFO: isakmp.c:1368:isakmp_open(): 212.1.1.5[500] used as isakmp port (fd=8)
Sep 20 12:42:48 eurowall1 racoon: INFO: isakmp.c:1368:isakmp_open(): 192.168.4.254[500] used as isakmp port (fd=9)
Sep 20 12:42:48 eurowall1 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.4.0/24[0] 192.168.4.254/32[0] proto=any dir=in
Sep 20 12:42:48 eurowall1 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 10.10.10.0/24[0] 192.168.4.0/24[0] proto=any dir=in
Sep 20 12:42:48 eurowall1 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.4.254/32[0] 192.168.4.0/24[0] proto=any dir=out
Sep 20 12:42:48 eurowall1 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy already exists. anyway replace it: 192.168.4.0/24[0] 192.168.10.0/24[0] proto=any dir=out

config.xml:

<ipsec>
        <tunnel>
                <interface>wan</interface>
                <local-subnet>
                        <network>lan</network>
                </local-subnet>
                <remote-subnet>10.10.10.0/24</remote-subnet>
                <remote-gateway>123.123.123.123</remote-gateway>
                <p1>
                        <mode>aggressive</mode>
                        <myident>
                                <myaddress/>
                        </myident>
                        <encryption-algorithm>3des</encryption-algorithm>
                        <hash-algorithm>md5</hash-algorithm>
                        <dhgroup>5</dhgroup>
                        <lifetime>7800</lifetime>
                        <pre-shared-key>xxxxxxxxxxxxxxxxxxxxxxxxxxxxx</pre-shared-key>
                </p1>
                <p2>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>3des</encryption-algorithm-option>
                        <encryption-algorithm-option>blowfish</encryption-algorithm-option>
                        <encryption-algorithm-option>cast128</encryption-algorithm-option>
                        <encryption-algorithm-option>rijndael</encryption-algorithm-option>
                        <hash-algorithm-option>hmac_md5</hash-algorithm-option>
                        <pfsgroup>5</pfsgroup>
                        <lifetime>3600</lifetime>
                </p2>
                <descr>OfficeGW</descr>
        </tunnel>
        <enable/>
</ipsec>

Ok, I think that's it.

On the Astaro Linux I have configured:

-- 
Sören Mindorf
EUROIMMUN AG
Seekamp 31
D-23560 Lübeck
Tel. 0451-5855-520
Fax. 0451-5855-591
E-Mail: s dot mindorf at euroimmun dot de
Homepage: www.euroimmun.de