Topic: Upgrade to 1.3 m0n0wall to m0n0wall IPsec Tunnel UP, no data flow? [SOLVED]
« on: December 13, 2009, 19:42:36 »
knightmb

Here's the info.

I have two sites, each with a static WAN IP. They use IPsec between them to link two networks; one is 192.168.0.0/24 and the other is 192.168.8.0/24.

This has worked fine for many years.

I've upgraded both sites to 1.3 release of m0n0wall. For some reason, data flow has stopped.

I've double-checked all the IPsec settings between the sites. When I look at the logs, I see where the tunnel is built and established. All the ranges are good, and there are no errors in the log files.

But for some reason, I cannot even ping between machines on the two networks. I can't even have m0n0wall ping from itself to the other m0n0wall machine.

I've checked the firewall logs: nothing is being blocked. I've checked the firewall rules: all access to both sites is set for both LAN and IPsec like it should be (it was that way already).

I've tried restarting both machines, changing the encryption settings, and turning on "Bypass firewall rules for traffic on the same interface" in the Advanced System settings, with no luck.

I'm really stumped, because everything appears to be working and nothing in the logs indicates anything wrong. The tunnels even show up in the "Diagnostics" section under IPsec with all the proper ranges and matching encryption.

I might have to revert these two sites back to the 1.2X release, but before I do, is there any reason this should not work? Am I missing a new setting in the 1.3 release that needs to be set up?

Any info would be greatly appreciated.
« Last Edit: December 13, 2009, 20:19:10 by knightmb »

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #1 on: December 13, 2009, 20:18:57 »
knightmb

SOLVED!

Thank me later that I saved you a half day of testing to figure out what it was, LOL.


1.3 m0n0wall: "Negotiation mode" is broken on "Aggressive".

I set up two brand new 1.3 m0n0wall boxes on a private network to finally figure this one out.

The instructions on the website recommend "Aggressive" instead of "Main" to speed things up, but I've found this is broken in 1.3 vs. the 1.2X series that I just tested with.

I'll file a bug report, but I'm glad I found the solution and hope this saves anyone else reading this a day's worth of testing and teeth gnashing.

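For readers who want to see what the "Negotiation mode" switch from the thread actually changes on the wire, here is the Phase 1 / Phase 2 configuration for site A written as a racoon.conf, the IKE daemon m0n0wall uses underneath its GUI. This is an added example, not m0n0wall's own generated configuration and not posted by the thread author. The WAN addresses 203.0.113.1 and 198.51.100.1, the pre-shared-key file path, the lifetimes and the cipher choices are assumptions for illustration; only the two LAN ranges come from the thread. The weak setting is kept as a comment next to the corrected one.

```conf
# Added example: racoon.conf equivalent of the m0n0wall 1.3 IPsec tunnel
# described in the thread, as seen from site A.
#   Site A: WAN 203.0.113.1 (assumed), LAN 192.168.0.0/24
#   Site B: WAN 198.51.100.1 (assumed), LAN 192.168.8.0/24
# Path is an assumption; the PSK file holds one line "198.51.100.1 <secret>".
path pre_shared_key "/var/etc/psk.txt";

# Phase 1 (IKE SA) -- corresponds to the tunnel's Phase 1 block in the GUI.
remote 198.51.100.1 {
    # "Negotiation mode" in the GUI.  Aggressive mode is the setting the
    # thread found broken after the 1.3 upgrade (tunnel up, no data flow).
    # Main mode also carries the identities and the PSK-derived hash inside
    # the encrypted part of the exchange, whereas aggressive mode sends the
    # responder's hash in the clear, so main is the safer choice anyway.
    exchange_mode main;                     # was: exchange_mode aggressive;
    my_identifier address 203.0.113.1;      # "My identifier": My IP address
    peers_identifier address 198.51.100.1;  # matches the peer's identifier
    proposal_check obey;                    # accept the responder's lifetime
    lifetime time 28800 sec;                # assumed Phase 1 lifetime
    proposal {
        encryption_algorithm aes 256;       # assumed; must match site B
        hash_algorithm sha1;                # assumed; must match site B
        authentication_method pre_shared_key;
        dh_group 2;                         # "DH key group" 2 (1024 bit)
    }
}

# Phase 2 (IPsec SA) -- the two LAN ranges linked by the tunnel.
sainfo address 192.168.0.0/24 any address 198.51.100.1 any {
    # Placeholder never matched; real selector follows.  Remove in practice.
}
sainfo address 192.168.0.0/24 any address 192.168.8.0/24 any {
    pfs_group 2;                            # PFS on, group 2 (assumed)
    lifetime time 3600 sec;                 # assumed Phase 2 lifetime
    encryption_algorithm aes 256;           # ESP cipher (assumed)
    authentication_algorithm hmac_sha1;     # ESP integrity (assumed)
    compression_algorithm deflate;          # required by racoon's grammar
}
```

Site B's file mirrors this with the addresses and the sainfo selector reversed. Change the mode on both peers at the same time: a main-mode initiator and an aggressive-mode responder will fail Phase 1 rather than fall back. After the change, the check that the thread's symptom calls for is not the Phase 1 log line but traffic: confirm that Diagnostics > IPsec shows both the IKE SA and the ESP SAs for 192.168.0.0/24 <-> 192.168.8.0/24, then ping a host behind the far LAN from a host behind the near one, since a firewall-to-firewall ping can fail for reasons unrelated to the tunnel.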