Topic: IPSEC VPN Problem
« on: August 28, 2013, 14:29:38 »
gpearl *
Posts: 2

Virtual Machine Config Setup

I am trying to duplicate a real world problem in a virtual setup.

I need to connect two separate networks using an IPSec VPN connection.  After a little research
I found M0n0wall.

This is the setup:

Site A
   EXT:     200.200.200.5/24
   INT:   10.10.5.1/24

Site B
   EXT:   200.200.200.10/24
   INT:   10.10.10.1/24

I created a WAN rule on both firewalls so the external IP can be pinged, and machines from each
site can ping both ext IPs.


Site A IPSec Config
   --Phase 1--
   Interface = WAN
   Local Subnet = LAN Subnet
   Remote Subnet = 10.10.10.1/24
   Remote Gateway = 200.200.200.10
   Description = Site_B_Tunnel
   Mode = Aggressive
   My Identifier = My IP Address <blank>  ??Is this my problem??
   encryption = blowfish
   hash = SHA1
   DH Key = 2
   Lifetime = 28800
   Auth Method = Pre-shared
   Key = 24681012141618202224262830
   --Phase 2--
   Protocol = ESP
   Encrypt = Blowfish
   Hash = SHA1
   PFS = 2
   LifeTime = 86400

Site B IPSec Config
   --Phase 1--
   Interface = WAN
   Local Subnet = LAN Subnet
   Remote Subnet = 10.10.5.1/24
   Remote Gateway = 200.200.200.5
   Description = Site_A_Tunnel
   Mode = Aggressive
   My Identifier = My IP Address <blank>  ??Is this my problem??
   encryption = Blowfish
   hash = SHA1
   DH Key = 2
   Lifetime = 28800
   Auth Method = Pre-shared
   Key = 24681012141618202224262830
   --Phase 2--
   Protocol = ESP
   Encrypt = Blowfish
   Hash = SHA1
   PFS = 2
   LifeTime = 86400

The problem is that I cannot ping a resource on the other subnet from either site.
I am trying by name so that name resolution should not be a concern.

Can anyone see what I have setup wrong??

Thanks
« Reply #1 on: August 28, 2013, 17:32:43 »
Lee Sharp *****
Posts: 517

Do not use "LAN Subnet" for the local network, but actually type in the network.  Is "LAN Subnet" 10.10.10.1/24 or 10.10.10.0/24?  It is best if you just use IPs.

The Identifier of "My IP Address" is fine if you have a static IP.
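The reply's point is that the two ends of a site-to-site tunnel have to be exact mirror images (A's local network is B's remote network and vice versa, A's remote gateway is B's WAN address, and the proposals and pre-shared key agree), and that a selector written with host bits set, such as 10.10.10.1/24, is ambiguous. The script below is an added example, not code from the thread or from m0n0wall. It transcribes the two posted configurations as data, normalises the subnets with the standard library so 10.10.10.1/24 and 10.10.10.0/24 compare equal, reports the host-bits form as a warning, and reports any real mismatch as an error. "LAN Subnet" is assumed to mean each site's INT network; the field names on the dataclass are my own.

```python
"""Mirror-consistency check for a two-site IPsec tunnel (added example).

Not code from the forum thread or from m0n0wall. The sample data is my
transcription of the two posted configurations, with 'LAN Subnet' taken
to mean the INT network of each site.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class IpsecSide:
    name: str
    wan_ip: str            # this side's WAN address ("My IP Address" identifier)
    local_subnet: str      # Phase 2 local selector
    remote_subnet: str     # Phase 2 remote selector
    remote_gateway: str    # peer's WAN address
    mode: str              # "main" or "aggressive"
    p1_enc: str
    p1_hash: str
    dh_group: int
    p1_lifetime: int
    psk: str
    p2_proto: str
    p2_enc: str
    p2_hash: str
    pfs_group: int
    p2_lifetime: int


def canonical(subnet: str):
    """Network-address form: 10.10.10.1/24 -> 10.10.10.0/24."""
    return ip_network(subnet, strict=False)


def has_host_bits(subnet: str) -> bool:
    """True when the string names a host inside the prefix rather than the network itself."""
    try:
        ip_network(subnet, strict=True)
    except ValueError:
        return True
    return False


def check_pair(a: IpsecSide, b: IpsecSide) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings). Empty errors means the two ends mirror each other."""
    errors: List[str] = []
    warnings: List[str] = []
    for me, peer in ((a, b), (b, a)):
        # My remote gateway must be the peer's WAN address.
        if ip_address(me.remote_gateway) != ip_address(peer.wan_ip):
            errors.append(f"{me.name}: remote gateway {me.remote_gateway} is not "
                          f"{peer.name}'s WAN address {peer.wan_ip}")
        # My local network must equal the peer's remote network once both are normalised.
        if canonical(me.local_subnet) != canonical(peer.remote_subnet):
            errors.append(f"{me.name}: local subnet {me.local_subnet} != "
                          f"{peer.name}'s remote subnet {peer.remote_subnet}")
        # A host address in a selector field normalises fine but is the ambiguity to flag.
        for label, value in (("local", me.local_subnet), ("remote", me.remote_subnet)):
            if has_host_bits(value):
                warnings.append(f"{me.name}: {label} subnet {value} has host bits set; "
                                f"write it as {canonical(value)}")
    # Proposal parameters and the key must be identical on both ends (case-insensitive).
    for field in ("mode", "p1_enc", "p1_hash", "dh_group", "p1_lifetime",
                  "p2_proto", "p2_enc", "p2_hash", "pfs_group", "p2_lifetime"):
        va, vb = getattr(a, field), getattr(b, field)
        if str(va).lower() != str(vb).lower():
            errors.append(f"{field}: {a.name}={va} vs {b.name}={vb}")
    if a.psk != b.psk:
        errors.append("pre-shared keys differ")
    return errors, warnings


# Constructed from the post. Site A's remote selector is written as 10.10.10.1/24,
# Site B's as 10.10.5.1/24, exactly as posted.
PSK = "24681012141618202224262830"
SITE_A = IpsecSide("Site A", "200.200.200.5", "10.10.5.0/24", "10.10.10.1/24",
                   "200.200.200.10", "aggressive", "blowfish", "sha1", 2, 28800, PSK,
                   "esp", "blowfish", "sha1", 2, 86400)
SITE_B = IpsecSide("Site B", "200.200.200.10", "10.10.10.0/24", "10.10.5.1/24",
                   "200.200.200.5", "aggressive", "blowfish", "sha1", 2, 28800, PSK,
                   "esp", "blowfish", "sha1", 2, 86400)
# The same pair with the selectors typed as networks, as the reply suggests.
SITE_A_FIXED = replace(SITE_A, remote_subnet="10.10.10.0/24")
SITE_B_FIXED = replace(SITE_B, remote_subnet="10.10.5.0/24")
# A deliberately mistyped key on one end, to show what a real mismatch looks like.
SITE_B_BADKEY = replace(SITE_B_FIXED, psk=PSK + "0")

if __name__ == "__main__":
    for label, pair in (("as posted", (SITE_A, SITE_B)),
                        ("typed as networks", (SITE_A_FIXED, SITE_B_FIXED)),
                        ("key typo on B", (SITE_A_FIXED, SITE_B_BADKEY))):
        errs, warns = check_pair(*pair)
        print(f"{label}: {len(errs)} error(s), {len(warns)} warning(s)")
        for line in errs + warns:
            print("  " + line)
```

Run as posted, the check finds no real mismatch (the normalised selectors do line up) and only the two host-bits warnings, which matches the poster's later remark that the tunnel may already have been working; the key-typo case shows the kind of error that would actually keep Phase 1 from completing.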
« Reply #2 on: August 29, 2013, 13:58:26 »
gpearl *
Posts: 2

I made the network changes and all is working.  It may have been working previously also, because the machines I was trying to test ping had Windows Firewall enabled (another change I made at the same time).  Depending on my time availability and my own curiosity level I might set things back and see if it was working or not.

Thanks for your help.