Topic: Net4801 Running m0n0wall: How many simultaneous IPsec tunnels?  (Read 2051 times)
« on: August 06, 2008, 00:05:27 »
kiddbios *
Posts: 5

Hi,

I'm running m0n0wall on a Soekris Net4801. The first 4 IPsec tunnels I've established are working great. Three of these VPN tunnels are to other m0n0walls and 1 is to a PIX 501. All have static public IPs, different internal subnets (none are overlapping at all) and are using 3DES with aggressive negotiation and a Pre-shared Key for authentication.

I have subsequently added 2 more IPsec VPN tunnels, but I'm getting some strange behavior:

These 2 new tunnels are going to a newly built m0n0wall running 1.23 and a Cisco PIX 506e. They are completely separate tunnels and I'm only mentioning them both because they are having the same issue.

For starters, it took FOREVER for these last 2 VPN tunnels to actually get established. I'm talking hours and hours before I ever saw it attempt to create a connection in the logs. I tried rebooting the device through the GUI, by unplugging it, basically anything to get it to attempt to establish the new tunnel. After checking it for about 6 hours I just left it alone and then came back after ignoring it for about a day and the tunnel was established on both sides.

For whatever reason I can only ping the remote m0n0 or PIX internal IP address and the remote device cannot ping my m0n0's internal IP at all.

My m0n0: 192.168.50.1/24

Remote m0n0: 10.5.1.254/24
Remote PIX 506e: 192.168.19.1/24

The SA and SPD all seem to be correct. I've deleted them and allowed them to be recreated.

Both VPN tunnels are having the same issue. I don't have any error messages in the logs for either of the tunnels.

Any light people can shed on this issue would be greatly appreciated. I'd also like to know approximately how many concurrent 3DES VPN connections can be supported by a single Net4801.

Thanks,

Kidd
« Reply #1 on: August 10, 2008, 07:45:21 »
kiddbios *
Posts: 5

Let me ask the question a different way. Please post here with the most point to point IPsec tunnels you've had running on a Net4801 or similar embedded device.
« Reply #2 on: September 20, 2008, 23:45:19 »
cmb *****
Posts: 851

It's more about throughput required than numbers. You may run out of RAM with > 50 tunnels and 128 MB RAM. You're going to peg the 4801 CPU at about 2-3 Mbps of IPsec 3DES throughput.