[ previous ] [ next ] [ threads ]
 From:  Matchstick <matchstick at oofg dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re[2]: [m0n0wall] M0n0wall to IPCop VPN
 Date:  Tue, 21 Sep 2004 09:32:53 +0100
Tuesday, September 21, 2004, 12:45:09 AM, Mark Pimentel (mpimentel at dsl dot ca) wrote:

Cheers for your help on this one.

Finally got it working with pretty much the basic setting, thought I
did have to set the Negotiation Mode to Main rather than Agressive.

Still not quite sure why I was having so many problems in the past but
that's life :)



MP> This is my IPCOP ipsec.conf:

MP> config setup
MP>         interfaces=%defaultroute
MP>         klipsdebug=none
MP>         plutodebug=none
MP>         plutoload=%search
MP>         plutostart=%search
MP>         uniqueids=yes
MP>         nat_traversal=yes

MP> conn %default
MP>         keyingtries=0

MP> conn block
MP>     auto=ignore

MP> conn private
MP>     auto=ignore

MP> conn private-or-clear
MP>     auto=ignore

MP> conn clear-or-private
MP>     auto=ignore

MP> conn clear
MP>     auto=ignore

MP> conn packetdefault
MP>     auto=ignore

MP> conn ipcop-mono
MP>         compress=no
MP>         left=<ipcop public ip>
MP>         leftsubnet=<network behind ipcop>/mask
MP>         leftnexthop=%defaultroute
MP>         type=tunnel
MP>         authby=secret
MP>         pfs=yes
MP>         right=%any
MP>         rightsubnet=<network-behind-mono>/mask
MP>         rightnexthop=%defaultroute
MP>         auto=add

MP> then set up your mono with standard settings (try
MP> everything checked off first).  Seems to work for me.

MP>  --- "Christopher M. Iarocci" <iarocci at eastendsc dot com>
MP> wrote: 
>> Matchstick wrote:
>> >Hi,
>> >
>> >has anyone successfully set up an IPSec VPN
>> connection between M0n0wall
>> >and IPCop.  ?
>> >
>> >I've been trying intermittently for a while now
>> with no real success
>> >so if someone has got it to work and can give me
>> some pointers it
>> >would be much appreciated.
>> >
>> >Thanks
>> >  
>> >
>> I have done this in the past, but it was a LONG time
>> ago.  Somewhere in 
>> the order of one of the first releases of m0n0 that
>> included IPSec 
>> capabilities with dynamic WAN ips.  It certainly can
>> be done.  Exactly 
>> how, I don't really remember.  I had the tunnel up
>> and running reliably 
>> for about 4 months before not needing it anymore.
>> Chris
MP> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail:
>> m0n0wall dash help at lists dot m0n0 dot ch

matchstick at oofg dot com