<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.6944.0">
<TITLE>Strange IPSEC issue</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>I have a strange problem connecting a SonicWall to my OpenVPN server. </FONT>
<BR><FONT SIZE=2>If I specify subnets directly it works; however, if I set the SonicWall </FONT>
<BR><FONT SIZE=2>to send all traffic through the tunnel (0.0.0.0/0) to openswan, I get the </FONT>
<BR><FONT SIZE=2>following error over and over and over and over again.</FONT>
</P>
<P><FONT SIZE=2>Sep 5 18:56:02 openswan pluto[5526]: "lohc-all-ATT" #387: </FONT>
<BR><FONT SIZE=2>STATE_MAIN_R3: sent MR3, ISAKMP SA established </FONT>
<BR><FONT SIZE=2>{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha </FONT>
<BR><FONT SIZE=2>group=modp1024}</FONT>
<BR><FONT SIZE=2>Sep 5 18:56:02 openswan pluto[5526]: "lohc-all-ATT" #387: cannot </FONT>
<BR><FONT SIZE=2>respond to IPsec SA request because no connection is known for </FONT>
<BR><FONT SIZE=2>0.0.0.0/0===openswan-box...remote-site</FONT>
</P>
<P><FONT SIZE=2>Normally I'd see the remote-site's subnet in the error (192.168.8.0), but </FONT>
<BR><FONT SIZE=2>this looks like it's not sending any subnet to tunnel, which is really </FONT>
<BR><FONT SIZE=2>strange.</FONT>
</P>
<P><FONT SIZE=2>Below is my openswan configuration; let me know if I'm going about this </FONT>
<BR><FONT SIZE=2>wrong (I'm trying to do a hub-spoke configuration).</FONT>
</P>
<P><FONT SIZE=2>conn lohc-all-ATT</FONT>
<BR><FONT SIZE=2> leftsubnet=0.0.0.0/0</FONT>
<BR><FONT SIZE=2> authby=secret</FONT>
<BR><FONT SIZE=2> auto=add</FONT>
<BR><FONT SIZE=2> left=openswan-box</FONT>
<BR><FONT SIZE=2> leftnexthop=openswan-gateway</FONT>
<BR><FONT SIZE=2> pfs=no</FONT>
<BR><FONT SIZE=2> right=remote-site</FONT>
<BR><FONT SIZE=2> rightsubnet=192.168.8.0/24</FONT>
</P>
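<P><FONT SIZE=2>An added example, not part of the original post: a small Python check that pulls the traffic selectors out of the pluto error line and compares them with the conn stanza's leftsubnet/rightsubnet, to show which side the peer's proposal disagrees on. The function names are hypothetical, and it assumes a missing "===subnet" in the log means the peer offered only its own host address.</FONT>
</P>

```python
import re

# Log line (unwrapped) and conn stanza as posted above.
LOG = ('Sep 5 18:56:02 openswan pluto[5526]: "lohc-all-ATT" #387: cannot '
       'respond to IPsec SA request because no connection is known for '
       '0.0.0.0/0===openswan-box...remote-site')
CONF = """conn lohc-all-ATT
 leftsubnet=0.0.0.0/0
 authby=secret
 auto=add
 left=openswan-box
 leftnexthop=openswan-gateway
 pfs=no
 right=remote-site
 rightsubnet=192.168.8.0/24
"""

# [ourclient===]ourhost...peerhost[===peerclient]; ids and ports not handled.
PROPOSAL = re.compile(r'no connection is known for '
                      r'(?:(\S+?)===)?(\S+?)\.\.\.([^\s=]+)(?:===(\S+))?\s*$')

def parse_conn(text):
    """Return the key=value options of one conn stanza as a dict."""
    opts = {}
    for line in text.splitlines()[1:]:
        key, sep, value = line.split('#', 1)[0].partition('=')
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def parse_proposal(log_line):
    """Return (our_net, our_host, peer_host, peer_net); a net may be None."""
    m = PROPOSAL.search(log_line)
    return m.groups() if m else None

def selector_mismatches(log_line, conf_text):
    """List (side, configured, proposed) for each selector that differs."""
    conn = parse_conn(conf_text)
    our_net, our_host, peer_host, peer_net = parse_proposal(log_line)
    out = []
    # Assumption: the conn's left end is the local (logging) gateway, as in the post.
    for side, net, host in (('left', our_net, our_host), ('right', peer_net, peer_host)):
        # Assumption: no "===subnet" in the log means the selector is the host itself.
        proposed = net or host + ' (host only)'
        configured = conn.get(side + 'subnet') or conn[side] + ' (host only)'
        if proposed != configured:
            out.append((side, configured, proposed))
    return out

if __name__ == '__main__':
    for side, want, got in selector_mismatches(LOG, CONF):
        print(f'{side}: conn has {want}, peer proposed {got}')
```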
<BR>
</BODY>
</HTML>