Hello everyone, first time here.

I'm trying to connect to a Sonicwall Pro 2040 running their Enhanced OS using the Group VPN. I've followed both the Openswan wiki documentation using 3DES/MD5 and the Sonicwall documentation using 3DES/SHA1 with little luck. Turning off aggressive mode seems to allow the authentication process to go further than with it on, as does turning off PFS. But anyway, here is my current ipsec.conf information:

version 2.0

# basic configuration
config setup
    plutodebug=all
    nat_traversal=yes
    dumpdir=/root

conn sonicwall
    #type=tunnel
    left=%defaultroute
    leftsubnet=(my subnet)
    leftid=@home
    leftxauthclient=yes
    right=(my sonicwall public ip)
    rightsubnet=(subnet behind sonicwall)
    rightxauthserver=yes
    rightid=(ID of my sonicwall)
    keyingtries=0
    pfs=no
    aggrmode=no
    auto=add
    auth=esp
    #esp=3des-md5-96
    esp=3des-sha1
    #keyexchange=ike
    ike=3des-sha1
    #ike=3des-md5-96
    authby=secret
    xauth=yes

Here is my ipsec.secrets file:

@home (ID of my sonicwall) : PSK "my shared secret"

On the Sonicwall, I've configured the Group VPN without PFS and have tried back and forth with MD5 and SHA1 as seen above in the .conf file. Both provide the same essential log output as seen below. It seems to get stuck with the unknown hash payload bit at the bottom/malformed payload in packet bit over and over. Has anyone seen anything like this? I'm running Openswan 2.4.4 on Ubuntu 6.06.

002 "sonicwall" #1: initiating Main Mode
104 "sonicwall" #1: STATE_MAIN_I1: initiate
003 "sonicwall" #1: ignoring unknown Vendor ID payload [5b362bc820f60001]
003 "sonicwall" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
002 "sonicwall" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "sonicwall" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "sonicwall" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #1: ignoring unknown Vendor ID payload [404bf439522ca3f6]
003 "sonicwall" #1: received Vendor ID payload [XAUTH]
003 "sonicwall" #1: received Vendor ID payload [Dead Peer Detection]
002 "sonicwall" #1: I did not send a certificate because I do not have one.
003 "sonicwall" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
002 "sonicwall" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "sonicwall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sonicwall" #1: Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=STATE_MAIN_I3)
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "sonicwall" #1: Main mode peer ID is ID_FQDN: '(my sonicwall ID)'
002 "sonicwall" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
003 "sonicwall" #1: next payload type of ISAKMP Hash Payload has an unknown value: 246
003 "sonicwall" #1: malformed payload in packet
002 "sonicwall" #1: sending notification PAYLOAD_MALFORMED to (my sonicwall public IP):4500

Thanks in advance for any insight you can provide.

Aaron Kincer
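
Added example, not part of the original post and not Openswan code: a short Python script that sorts pluto output like the log quoted above into Main Mode state progress, the parameters of the established ISAKMP SA, and the problem lines logged before and after that point. The function name, the list of 003 messages treated as informational, and the sample (a subset of the log above) are assumptions of this example.

```python
import re

# Constructed sample: a subset of the pluto output quoted in the post above.
SAMPLE = '''\
002 "sonicwall" #1: initiating Main Mode
104 "sonicwall" #1: STATE_MAIN_I1: initiate
003 "sonicwall" #1: received Vendor ID payload [XAUTH]
002 "sonicwall" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
002 "sonicwall" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
003 "sonicwall" #1: Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=STATE_MAIN_I3)
002 "sonicwall" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
003 "sonicwall" #1: next payload type of ISAKMP Hash Payload has an unknown value: 246
003 "sonicwall" #1: malformed payload in packet
002 "sonicwall" #1: sending notification PAYLOAD_MALFORMED to (my sonicwall public IP):4500
'''

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
TRANSITION = re.compile(r'transition from state (\S+) to state (\S+)')
# Assumption: 003 lines starting like this are informational, not failures.
BENIGN = ('received Vendor ID', 'ignoring unknown Vendor ID', 'NAT-Traversal:')

def summarize(text):
    """Split pluto output into Phase 1 progress and the problems around it."""
    out = {'states': [], 'established': None, 'before': [], 'after': []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrelated line
        code, msg = m.group(1), m.group(4)
        t = TRANSITION.search(msg)
        if t:
            out['states'].append(t.group(2))
        elif 'ISAKMP SA established' in msg:
            # Keep the negotiated parameters printed inside {...}
            body = re.search(r'\{(.*)\}', msg)
            pairs = body.group(1).split() if body else []
            out['established'] = dict(p.split('=', 1) for p in pairs if '=' in p)
        elif code == '003' and not msg.startswith(BENIGN):
            key = 'after' if out['established'] is not None else 'before'
            out[key].append(msg)
    return out

if __name__ == '__main__':
    s = summarize(SAMPLE)
    print('states reached:', ' -> '.join(s['states']))
    print('ISAKMP SA     :', s['established'])
    print('problems before SA:', s['before'])
    print('problems after SA :', s['after'])
```

Run against the log above, it places the Mode Config complaint before the ISAKMP SA is established and the unknown-payload and malformed-payload errors after it.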