Hi All
We use monowall to monowall IPsec tunnels. We have about 20 boxes in the field. Normally the IPsec is no problem, until today.
Today we had to set up 2 new systems with the latest version.
Config box 1 headoffice
Lan ip ->192.168.0.1
Subnet -> 255.255.255.0
Wan ip -> isp wan ip
local subnet type -> lan subnet
remote subnet -> 10.224.86.0/24
remote gateway -> wan ip suboffice
Phase 1
negotiation mode -> aggressive
my identifier -> My IP address
EA -> 3DES
Hash algorithms -> SHA1
DH Key -> 2
lifetime -> 28800
Authentication Method -> preshared key
bla bla bla
certificate -> Empty
key -> Empty
peer certificate -> EMPTY
Phase 2
Protocol -> ESP
Encryption
algorithms [ ]DES not checked
[v]3DES
[v]Blowfish
[v]CAST128
[v]Rijndael
Hash algorithms -> MD5
PFS Key -> off
Lifetime -> 86400
box 2 Suboffice
Lan ip -> 10.224.86.1
subnetmask -> 255.255.255.0
wan ip -> from isp
local subnet type -> lan subnet
remote subnet -> 192.168.0.0/24
remote gateway -> wan ip headoffice
Phase 1
negotiation mode -> aggressive
my identifier -> My IP address
EA -> 3DES
HA -> SHA1
DH Key -> 2
lifetime -> 28800
Authentication Method -> preshared key
bla bla bla
certificate -> empty
key -> empty
peer certificate -> EMPTY
Phase 2
Protocol -> ESP
Encryption
algorithms [ ]DES not checked
[v]3DES
[v]Blowfish
[v]CAST128
[v]Rijndael
Hash algorithm -> MD5
PFS Key -> off
Lifetime -> 86400
It seems to me this has to work but the log says:
racoon: ERROR: such policy already exists. anyway replace it: 10.224.86.0/24[0] 10.224.86.1/32[0] proto=any dir=in
racoon: ERROR: such policy already exists. anyway replace it: 192.168.0.0/24[0] 10.224.86.0/24[0] proto=any dir=in
racoon: ERROR: such policy already exists. anyway replace it: 10.224.86.1/32[0] 10.224.86.0/24[0] proto=any dir=out
racoon: ERROR: such policy already exists. anyway replace it: 10.224.86.0/24[0] 192.168.0.0/24[0] proto=any dir=out
Can someone help me, because I'm eating my hair out.
greets
Daan