Forgive the lame pun. I'm trying to set up a tunnel between 2 monowalls, no NAT between them. I've read the handbook and reviewed the section on IPSec carefully; it seems like it should be a straightforward thing.
Except it doesn't seem to be working. I'm on "mono B" and I can't bring up the GUI of "mono A" via its LAN address. I can't ping mono A or any of its LAN clients. It seems to me these things should work if I have things set up correctly.
I really think there will be something obvious here, but my familiarity with IPSec is nil, and I've searched the forum to no avail. Please have a look and point me in the right direction if you will.
In summary:

         mono A          mono B
  WAN    x.x.x.2/27      x.x.x.34/27
  LAN    10.0/16         10.1/16
status.php (mono A):
racoon.conf

path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";

remote x.x.x.34 {
    exchange_mode aggressive;
    my_identifier address "x.x.x.2";
    nat_traversal on;
    peers_identifier address x.x.x.34;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm blowfish;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 5;
        lifetime time 57600 secs;
    }
    lifetime time 57600 secs;
}

sainfo address 10.0.0.0/16 any address 10.1.0.0/16 any {
    encryption_algorithm blowfish;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 5;
    lifetime time 86400 secs;
}

remote anonymous {
    exchange_mode aggressive;
    my_identifier address "x.x.x.2";
    initial_contact on;
    passive on;
    generate_policy on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm blowfish;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 5;
        lifetime time 28800 secs;
    }
    lifetime time 28800 secs;
}

sainfo anonymous {
    encryption_algorithm blowfish;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 5;
    lifetime time 86400 secs;
}

SPD

10.0.0.0/16[any] 10.0.0.1[any] any
    in none
    spid=21 seq=3 pid=49152
    refcnt=1
10.1.0.0/16[any] 10.0.0.0/16[any] any
    in ipsec
    esp/tunnel/x.x.x.34-x.x.x.2/unique#16396
    spid=24 seq=2 pid=49152
    refcnt=1
10.0.0.1[any] 10.0.0.0/16[any] any
    out none
    spid=22 seq=1 pid=49152
    refcnt=1
10.0.0.0/16[any] 10.1.0.0/16[any] any
    out ipsec
    esp/tunnel/x.x.x.2-x.x.x.34/unique#16395
    spid=23 seq=0 pid=49152
    refcnt=1

SAD

No SAD entries.
status.php (mono B):
racoon.conf

path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";

remote x.x.x.2 {
    exchange_mode aggressive;
    my_identifier address "x.x.x.34";
    nat_traversal on;
    peers_identifier address x.x.x.2;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm blowfish;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 5;
        lifetime time 57600 secs;
    }
    lifetime time 57600 secs;
}

sainfo address 10.1.0.0/16 any address 10.0.0.0/16 any {
    encryption_algorithm blowfish;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 5;
    lifetime time 86400 secs;
}

SPD

10.1.0.0/16[any] 10.1.0.1[any] any
    in none
    spid=21 seq=3 pid=29348
    refcnt=1
10.0.0.0/16[any] 10.1.0.0/16[any] any
    in ipsec
    esp/tunnel/x.x.x.2-x.x.x.34/unique#16396
    spid=24 seq=2 pid=29348
    refcnt=1
10.1.0.1[any] 10.1.0.0/16[any] any
    out none
    spid=22 seq=1 pid=29348
    refcnt=1
10.1.0.0/16[any] 10.0.0.0/16[any] any
    out ipsec
    esp/tunnel/x.x.x.34-x.x.x.2/unique#16395
    spid=23 seq=0 pid=29348
    refcnt=1

SAD

No SAD entries.
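One way to make the "do both ends agree?" comparison mechanical, as an added example that is not part of the post and not m0n0wall or racoon code: a small Python script that parses the remote and sainfo blocks of the two racoon.conf dumps above and reports every phase 1 and phase 2 setting, identifier or subnet pair that does not mirror between the peers. The sample input is the poster's two configs reconstructed inline (mono B generated as the exact mirror of mono A); the function names and the tree layout are this example's own.

```python
import re

# Constructed sample input: the "remote" and "sainfo" blocks of mono A's racoon.conf
# as posted (WAN x.x.x.2, LAN 10.0.0.0/16). Path lines and the anonymous blocks are left out.
RACOON_A = """\
remote x.x.x.34 {
    exchange_mode aggressive;
    my_identifier address "x.x.x.2";
    nat_traversal on;
    peers_identifier address x.x.x.34;
    proposal {
        encryption_algorithm blowfish;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 5;
        lifetime time 57600 secs;
    }
    lifetime time 57600 secs;
}
sainfo address 10.0.0.0/16 any address 10.1.0.0/16 any {
    encryption_algorithm blowfish;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 5;
    lifetime time 86400 secs;
}
"""


def swap(text, a, b):
    """Swap every occurrence of a and b in text (only used to build the mirrored sample)."""
    return re.sub(re.escape(a) + "|" + re.escape(b), lambda m: b if m.group(0) == a else a, text)


# mono B's side is the exact mirror of A: WAN addresses and LAN subnets swapped.
RACOON_B = swap(swap(RACOON_A, "x.x.x.34", "x.x.x.2"), "10.0.0.0/16", "10.1.0.0/16")


def parse_racoon(text):
    """Parse racoon.conf syntax into a tree of {header, settings, children} nodes.
    A line ending in '{' opens a block, '}' closes it, and 'key value;' is a setting."""
    root = {"header": "", "settings": {}, "children": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            node = {"header": line[:-1].strip(), "settings": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            key, _, value = line[:-1].partition(" ")
            stack[-1]["settings"][key] = value.replace('"', "").strip()
    return root


def block(node, header):
    """Return the direct child block with the given header, or None."""
    return next((c for c in node["children"] if c["header"] == header), None)


PHASE1_KEYS = ("encryption_algorithm", "hash_algorithm", "authentication_method", "dh_group", "lifetime")
PHASE2_KEYS = ("encryption_algorithm", "authentication_algorithm", "pfs_group", "lifetime")
SAINFO_RE = re.compile(r"sainfo address (\S+) any address (\S+) any")


def cross_check(conf_a, wan_a, conf_b, wan_b):
    """Return a list of mismatches between the two ends; an empty list means they mirror."""
    findings = []
    ra, rb = block(conf_a, f"remote {wan_b}"), block(conf_b, f"remote {wan_a}")
    if ra is None or rb is None:
        return [f"one side has no 'remote' block for its peer ({wan_a} <-> {wan_b})"]
    sa, sb = ra["settings"], rb["settings"]
    # Each side's my_identifier must be exactly what the other side lists as peers_identifier.
    if sa.get("my_identifier") != sb.get("peers_identifier"):
        findings.append(f"A identifies as '{sa.get('my_identifier')}' but B expects '{sb.get('peers_identifier')}'")
    if sb.get("my_identifier") != sa.get("peers_identifier"):
        findings.append(f"B identifies as '{sb.get('my_identifier')}' but A expects '{sa.get('peers_identifier')}'")
    if sa.get("exchange_mode") != sb.get("exchange_mode"):
        findings.append(f"exchange_mode: A={sa.get('exchange_mode')} B={sb.get('exchange_mode')}")
    pa = (block(ra, "proposal") or {"settings": {}})["settings"]
    pb = (block(rb, "proposal") or {"settings": {}})["settings"]
    for key in PHASE1_KEYS:
        if pa.get(key) != pb.get(key):
            findings.append(f"phase 1 {key}: A={pa.get(key)} B={pb.get(key)}")
    # Phase 2: A's "sainfo address <A lan> any address <B lan> any" needs its mirror image on B.
    for child in conf_a["children"]:
        m = SAINFO_RE.fullmatch(child["header"])
        if not m:
            continue
        mirror = block(conf_b, f"sainfo address {m.group(2)} any address {m.group(1)} any")
        if mirror is None:
            findings.append(f"B has no sainfo mirroring '{child['header']}'")
            continue
        for key in PHASE2_KEYS:
            if child["settings"].get(key) != mirror["settings"].get(key):
                findings.append(f"phase 2 {key} for {m.group(1)}<->{m.group(2)}: "
                                f"A={child['settings'].get(key)} B={mirror['settings'].get(key)}")
    return findings


def check_post_configs():
    """The two ends as posted: expected to come back clean."""
    return cross_check(parse_racoon(RACOON_A), "x.x.x.2", parse_racoon(RACOON_B), "x.x.x.34")


def check_with_dh_mismatch():
    """Same, but with mono B's phase 1 DH group changed to 2: expected to report one mismatch."""
    broken = RACOON_B.replace("dh_group 5;", "dh_group 2;")
    return cross_check(parse_racoon(RACOON_A), "x.x.x.2", parse_racoon(broken), "x.x.x.34")


if __name__ == "__main__":
    for line in check_post_configs() or ["no mismatches: identifiers, proposals and subnets mirror"]:
        print(line)
    for line in check_with_dh_mismatch():
        print(line)
```

For the two configs as posted the check comes back empty, and that is itself a useful result: when the identifiers, proposals and subnet pairs mirror each other yet both SAD tables stay empty, phase 1 is not completing at all, so the next things to verify are that IKE (UDP 500) and ESP from each WAN address actually arrive at the other end and that the pre-shared key entered on both sides is identical (the script only sees what racoon prints, not the contents of psk.txt). One caveat the dumps raise: both ends use aggressive mode with a pre-shared key, which sends the identity and a PSK-derived hash without encryption; with fixed WAN addresses on both sides, as here, main mode is the stronger choice.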