VPN

Hi

I have a m0n0wall (v13.) behind a dsl router. The dsl router does ip forwarding. So, the WAN nic from the m0n0wall is in private network. I use shrew vpn client v2.1.7 to create a tunnel connection.

Setup:

<Public IP> --> DSL Router (LAN:192.168.1.1 / IP forwarding for all public initiated traffic) --> m0n0wall (WAN:192.168.1.2 / LAN:192.168.2.1)

Logfile output:

Apr 13 11:43:07   racoon: ERROR: phase1 negotiation failed due to time up. 0c831e7ad4670aca:36d88ea4846b44a7
Apr 13 11:42:17   racoon: INFO: Hashing 192.168.1.2[500] with algo #2
Apr 13 11:42:17   racoon: INFO: Hashing 91.xxx.xxx.xxx[51918] with algo #2
Apr 13 11:42:17   racoon: INFO: Adding remote and local NAT-D payloads.
Apr 13 11:42:17   racoon: INFO: Selected NAT-T version: RFC 3947
Apr 13 11:42:17   racoon: INFO: received Vendor ID: CISCO-UNITY
Apr 13 11:42:17   racoon: INFO: received Vendor ID: DPD
Apr 13 11:42:17   racoon: INFO: received Vendor ID: RFC 3947
Apr 13 11:42:17   racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Apr 13 11:42:17   racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Apr 13 11:42:17   racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Apr 13 11:42:17   racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Apr 13 11:42:17   racoon: INFO: begin Aggressive mode.
Apr 13 11:42:17   racoon: INFO: respond new phase 1 negotiation: 192.168.1.2[500]<=>91.xxx.xxx.xxx[51918]

Please help
bb

Hi all

There was a problem with the dsl router. The ISP did reconfigure the ip_forwarding automatically. So, that's why I did not get any tunnel init again.

thx bb

Anyhow, i believe You should use only DSL modem and m0n0 as router, it's better that way.