<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.10.3">
</HEAD>
<BODY>
On Wed, 2006-09-27 at 08:58 +0200, Francesco Peeters wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On Wed, September 27, 2006 08:51, Bas Driessen wrote:</FONT>
<FONT COLOR="#000000">> Hello,</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> I am having trouble getting an Openswan client connection to work from</FONT>
<FONT COLOR="#000000">> Linux (Fedora Core 5 x86_64) to a SonicWALL VPN. The settings passed on</FONT>
<FONT COLOR="#000000">> by the administrator of that site are DES MD5 group 1.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Going through the lists, I found out that DES is not supported by</FONT>
<FONT COLOR="#000000">> default in Openswan, so I have re-compiled the package by setting the</FONT>
<FONT COLOR="#000000">> USE_WEAKSTUFF?=true flag in the Makefile.inc and also corrected the line</FONT>
<FONT COLOR="#000000">> to WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES in the Makefile of Pluto.</FONT>
<FONT COLOR="#000000">> All compiles OK. I know that 3DES is better etc, but this is out of my</FONT>
<FONT COLOR="#000000">> control. I have to get it to work with the current setup.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> I am very, very close to getting it all to work, but there is a last hurdle</FONT>
<FONT COLOR="#000000">> that I can't get out of the way. Below is the information. Would appreciate</FONT>
<FONT COLOR="#000000">> any help/tips/comments. Also can I enable some additional debugging to</FONT>
<FONT COLOR="#000000">> find out what I am missing?</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> My settings are as follows (for security reasons I have marked the VPN</FONT>
<FONT COLOR="#000000">> ip number sections with nnn and changed the key password):</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> sonicwall.conf</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> conn sonicwall</FONT>
<FONT COLOR="#000000">> left=%defaultroute</FONT>
<FONT COLOR="#000000">> leftsubnet=192.168.1.0/24</FONT>
<FONT COLOR="#000000">> leftid=192.168.1.13</FONT>
<FONT COLOR="#000000">> right=66.nnn.nnn.nnn</FONT>
<FONT COLOR="#000000">> rightsubnet=192.168.128.0/24</FONT>
<FONT COLOR="#000000">> rightid=66.nnn.nnn.nnn</FONT>
<FONT COLOR="#000000">> keyingtries=0</FONT>
<FONT COLOR="#000000">> pfs=yes</FONT>
<FONT COLOR="#000000">> aggrmode=no</FONT>
<FONT COLOR="#000000">> auto=add</FONT>
<FONT COLOR="#000000">> auth=esp</FONT>
<FONT COLOR="#000000">> ike=des-md5-modp768</FONT>
<FONT COLOR="#000000">> esp=des-md5</FONT>
<FONT COLOR="#000000">> authby=secret</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> sonicwall.secrets</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> 192.168.1.13 66.nnn.nnn.nnn : PSK "abcdef"</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> ipsec starts OK using /etc/rc.d/init.d/ipsec restart</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Then I try to get the connection up with:</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> /usr/sbin/ipsec whack --name sonicwall --initiate</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> output as follows:</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> # /usr/sbin/ipsec whack --name sonicwall --initiate</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #1: initiating Main Mode</FONT>
<FONT COLOR="#000000">> 104 "sonicwall" #1: STATE_MAIN_I1: initiate</FONT>
<FONT COLOR="#000000">> 003 "sonicwall" #1: received Vendor ID payload</FONT>
<FONT COLOR="#000000">> [draft-ietf-ipsec-nat-t-ike-00]</FONT>
<FONT COLOR="#000000">> 003 "sonicwall" #1: You should NOT use insecure IKE algorithms</FONT>
<FONT COLOR="#000000">> (OAKLEY_DES_CBC)!</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #1: enabling possible NAT-traversal with method</FONT>
<FONT COLOR="#000000">> draft-ietf-ipsec-nat-t-ike-02/03</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #1: transition from state STATE_MAIN_I1 to state</FONT>
<FONT COLOR="#000000">> STATE_MAIN_I2</FONT>
<FONT COLOR="#000000">> 106 "sonicwall" #1: STATE_MAIN_I2: sent MI2, expecting MR2</FONT>
<FONT COLOR="#000000">> 003 "sonicwall" #1: ignoring unknown Vendor ID payload</FONT>
<FONT COLOR="#000000">> [da8e937880010000]</FONT>
<FONT COLOR="#000000">> 003 "sonicwall" #1: ignoring unknown Vendor ID payload</FONT>
<FONT COLOR="#000000">> [404bf439522ca3f6]</FONT>
<FONT COLOR="#000000">> 003 "sonicwall" #1: received Vendor ID payload [XAUTH]</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #1: I did not send a certificate because I do not have</FONT>
<FONT COLOR="#000000">> one.</FONT>
<FONT COLOR="#000000">> 003 "sonicwall" #1: NAT-Traversal: Result using</FONT>
<FONT COLOR="#000000">> draft-ietf-ipsec-nat-t-ike-00/01: i am NATed</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #1: transition from state STATE_MAIN_I2 to state</FONT>
<FONT COLOR="#000000">> STATE_MAIN_I3</FONT>
<FONT COLOR="#000000">> 108 "sonicwall" #1: STATE_MAIN_I3: sent MI3, expecting MR3</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #1: Main mode peer ID is ID_IPV4_ADDR: '66.nnn.nnn.nnn'</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #1: transition from state STATE_MAIN_I3 to state</FONT>
<FONT COLOR="#000000">> STATE_MAIN_I4</FONT>
<FONT COLOR="#000000">> 004 "sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established</FONT>
<FONT COLOR="#000000">> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5</FONT>
<FONT COLOR="#000000">> group=modp768}</FONT>
<FONT COLOR="#000000">> 002 "sonicwall" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP</FONT>
<FONT COLOR="#000000">> {using isakmp#1}</FONT>
<FONT COLOR="#000000">> 117 "sonicwall" #2: STATE_QUICK_I1: initiate</FONT>
<FONT COLOR="#000000">> 010 "sonicwall" #2: STATE_QUICK_I1: retransmission; will wait 20s for</FONT>
<FONT COLOR="#000000">> response</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> The output of /usr/sbin/ipsec auto --status</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> 000 interface lo/lo ::1</FONT>
<FONT COLOR="#000000">> 000 interface lo/lo 127.0.0.1</FONT>
<FONT COLOR="#000000">> 000 interface lo/lo 127.0.0.1</FONT>
<FONT COLOR="#000000">> 000 interface eth0/eth0 192.168.1.13</FONT>
<FONT COLOR="#000000">> 000 interface eth0/eth0 192.168.1.13</FONT>
<FONT COLOR="#000000">> 000 %myid = (none)</FONT>
<FONT COLOR="#000000">> 000 debug none</FONT>
<FONT COLOR="#000000">> 000</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,</FONT>
<FONT COLOR="#000000">> keysizemax=64</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,</FONT>
<FONT COLOR="#000000">> keysizemax=192</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,</FONT>
<FONT COLOR="#000000">> keysizemin=40, keysizemax=448</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,</FONT>
<FONT COLOR="#000000">> keysizemax=0</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,</FONT>
<FONT COLOR="#000000">> keysizemax=256</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,</FONT>
<FONT COLOR="#000000">> keysizemin=128, keysizemax=256</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,</FONT>
<FONT COLOR="#000000">> keysizemin=128, keysizemax=256</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,</FONT>
<FONT COLOR="#000000">> keysizemin=128, keysizemax=128</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,</FONT>
<FONT COLOR="#000000">> keysizemin=160, keysizemax=160</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,</FONT>
<FONT COLOR="#000000">> keysizemin=256, keysizemax=256</FONT>
<FONT COLOR="#000000">> 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,</FONT>
<FONT COLOR="#000000">> keysizemax=0</FONT>
<FONT COLOR="#000000">> 000</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE encrypt: id=1, name=OAKLEY_DES_CBC, blocksize=8,</FONT>
<FONT COLOR="#000000">> keydeflen=64</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,</FONT>
<FONT COLOR="#000000">> keydeflen=192</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,</FONT>
<FONT COLOR="#000000">> keydeflen=128</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=1, name=OAKLEY_GROUP_MODP768, bits=768</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144</FONT>
<FONT COLOR="#000000">> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192</FONT>
<FONT COLOR="#000000">> 000</FONT>
<FONT COLOR="#000000">> 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,4,64}</FONT>
<FONT COLOR="#000000">> trans={0,4,672} attrs={0,4,224}</FONT>
<FONT COLOR="#000000">> 000</FONT>
<FONT COLOR="#000000">> 000 "sonicwall":</FONT>
<FONT COLOR="#000000">> 192.168.1.0/24===192.168.1.13---192.168.1.1...66.nnn.nnn.nnn===192.168.128.0/24;</FONT>
<FONT COLOR="#000000">> unrouted; eroute owner: #0</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": srcip=unset; dstip=unset; srcup=ipsec _updown;</FONT>
<FONT COLOR="#000000">> dstup=ipsec _updown;</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": ike_life: 3600s; ipsec_life: 28800s; rekey_margin:</FONT>
<FONT COLOR="#000000">> 540s; rekey_fuzz: 100%; keyingtries: 0</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24;</FONT>
<FONT COLOR="#000000">> interface: eth0;</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": newest ISAKMP SA: #1; newest IPsec SA: #0;</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": IKE algorithms wanted: 1_000-1-1, flags=-strict</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": IKE algorithms found: 1_064-1_128-1,</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": IKE algorithm newest: DES_CBC_64-MD5-MODP768</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": ESP algorithms wanted: 2_000-1, flags=-strict</FONT>
<FONT COLOR="#000000">> 000 "sonicwall": ESP algorithms loaded: 2_000-1, flags=-strict</FONT>
<FONT COLOR="#000000">> 000</FONT>
<FONT COLOR="#000000">> 000 #4: "sonicwall":500 STATE_QUICK_I1 (sent QI1, expecting QR1);</FONT>
<FONT COLOR="#000000">> EVENT_RETRANSMIT in 40s; nodpd</FONT>
<FONT COLOR="#000000">> 000 #1: "sonicwall":500 STATE_MAIN_I4 (ISAKMP SA established);</FONT>
<FONT COLOR="#000000">> EVENT_SA_REPLACE in 2499s; newest ISAKMP; nodpd</FONT>
<FONT COLOR="#000000">> 000</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> The output dumped in /var/log/secure:</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: shutting down</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: forgetting secrets</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: "sonicwall": deleting connection</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: "sonicwall" #3: deleting state</FONT>
<FONT COLOR="#000000">> (STATE_QUICK_I1)</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: "sonicwall" #2: deleting state</FONT>
<FONT COLOR="#000000">> (STATE_QUICK_I1)</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: "sonicwall" #1: deleting state</FONT>
<FONT COLOR="#000000">> (STATE_MAIN_I4)</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: shutting down interface lo/lo ::1:500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: shutting down interface lo/lo</FONT>
<FONT COLOR="#000000">> 127.0.0.1:4500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: shutting down interface lo/lo</FONT>
<FONT COLOR="#000000">> 127.0.0.1:500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: shutting down interface eth0/eth0</FONT>
<FONT COLOR="#000000">> 192.168.1.13:4500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:31 ams pluto[15124]: shutting down interface eth0/eth0</FONT>
<FONT COLOR="#000000">> 192.168.1.13:500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:33 ams ipsec__plutorun: Starting Pluto subsystem...</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:33 ams pluto[15319]: Starting Pluto (Openswan Version 2.4.4</FONT>
<FONT COLOR="#000000">> X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID</FONT>
<FONT COLOR="#000000">> OEz}FFFfgr_e)</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:33 ams pluto[15319]: Setting NAT-Traversal port-4500</FONT>
<FONT COLOR="#000000">> floating to on</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:33 ams pluto[15319]: port floating activation criteria</FONT>
<FONT COLOR="#000000">> nat_t=1/port_fload=1</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:33 ams pluto[15319]: including NAT-Traversal patch</FONT>
<FONT COLOR="#000000">> (Version 0.6c)</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: ike_alg_register_enc(): Activating</FONT>
<FONT COLOR="#000000">> OAKLEY_AES_CBC: Ok (ret=0)</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: starting up 1 cryptographic helpers</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: started helper pid=15320 (fd:6)</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: Using Linux 2.6 IPsec interface code</FONT>
<FONT COLOR="#000000">> on 2.6.17-1.2187_FC5</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: Could not change to directory</FONT>
<FONT COLOR="#000000">> '/etc/ipsec.d/cacerts'</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: Could not change to directory</FONT>
<FONT COLOR="#000000">> '/etc/ipsec.d/aacerts'</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: Could not change to directory</FONT>
<FONT COLOR="#000000">> '/etc/ipsec.d/ocspcerts'</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: Could not change to directory</FONT>
<FONT COLOR="#000000">> '/etc/ipsec.d/crls'</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: added connection description</FONT>
<FONT COLOR="#000000">> "sonicwall"</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: listening for IKE messages</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: adding interface eth0/eth0</FONT>
<FONT COLOR="#000000">> 192.168.1.13:500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: adding interface eth0/eth0</FONT>
<FONT COLOR="#000000">> 192.168.1.13:4500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: adding interface lo/lo 127.0.0.1:500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: adding interface lo/lo 127.0.0.1:4500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: adding interface lo/lo ::1:500</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: loading secrets from</FONT>
<FONT COLOR="#000000">> "/etc/ipsec.secrets"</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: loading secrets from</FONT>
<FONT COLOR="#000000">> "/etc/ipsec.d/hostkey.secrets"</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:34 ams pluto[15319]: loading secrets from</FONT>
<FONT COLOR="#000000">> "/etc/ipsec.d/sonicwall.secrets"</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:40 ams pluto[15319]: "sonicwall" #1: initiating Main Mode</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: received Vendor ID</FONT>
<FONT COLOR="#000000">> payload [draft-ietf-ipsec-nat-t-ike-00]</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: You should NOT use</FONT>
<FONT COLOR="#000000">> insecure IKE algorithms (OAKLEY_DES_CBC)!</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: enabling possible</FONT>
<FONT COLOR="#000000">> NAT-traversal with method draft-ietf-ipsec-nat-t-ike-02/03</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: transition from state</FONT>
<FONT COLOR="#000000">> STATE_MAIN_I1 to state STATE_MAIN_I2</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: STATE_MAIN_I2: sent</FONT>
<FONT COLOR="#000000">> MI2, expecting MR2</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: ignoring unknown</FONT>
<FONT COLOR="#000000">> Vendor ID payload [da8e937880010000]</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: ignoring unknown</FONT>
<FONT COLOR="#000000">> Vendor ID payload [404bf439522ca3f6]</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: received Vendor ID</FONT>
<FONT COLOR="#000000">> payload [XAUTH]</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: I did not send a</FONT>
<FONT COLOR="#000000">> certificate because I do not have one.</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: NAT-Traversal: Result</FONT>
<FONT COLOR="#000000">> using draft-ietf-ipsec-nat-t-ike-00/01: i am NATed</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: transition from state</FONT>
<FONT COLOR="#000000">> STATE_MAIN_I2 to state STATE_MAIN_I3</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: STATE_MAIN_I3: sent</FONT>
<FONT COLOR="#000000">> MI3, expecting MR3</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: Main mode peer ID is</FONT>
<FONT COLOR="#000000">> ID_IPV4_ADDR: '66.nnn.nnn.nnn'</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: transition from state</FONT>
<FONT COLOR="#000000">> STATE_MAIN_I3 to state STATE_MAIN_I4</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: STATE_MAIN_I4: ISAKMP</FONT>
<FONT COLOR="#000000">> SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64</FONT>
<FONT COLOR="#000000">> prf=oakley_md5 group=modp768}</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #2: initiating Quick Mode</FONT>
<FONT COLOR="#000000">> PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: ignoring informational</FONT>
<FONT COLOR="#000000">> payload, type NO_PROPOSAL_CHOSEN</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: received and ignored</FONT>
<FONT COLOR="#000000">> informational message</FONT>
<FONT COLOR="#000000">> Sep 27 16:43:52 ams pluto[15319]: "sonicwall" #1: discarding duplicate</FONT>
<FONT COLOR="#000000">> packet; already STATE_MAIN_I4</FONT>
<FONT COLOR="#000000">> Sep 27 16:44:11 ams pluto[15319]: "sonicwall" #1: ignoring informational</FONT>
<FONT COLOR="#000000">> payload, type NO_PROPOSAL_CHOSEN</FONT>
<FONT COLOR="#000000">> Sep 27 16:44:11 ams pluto[15319]: "sonicwall" #1: received and ignored</FONT>
<FONT COLOR="#000000">> informational message</FONT>
<FONT COLOR="#000000">> Sep 27 16:44:51 ams pluto[15319]: "sonicwall" #2: max number of</FONT>
<FONT COLOR="#000000">> retransmissions (2) reached STATE_QUICK_I1. No acceptable response to</FONT>
<FONT COLOR="#000000">> our first Quick Mode message: perhaps peer likes no proposal</FONT>
<FONT COLOR="#000000">> Sep 27 16:44:51 ams pluto[15319]: "sonicwall" #2: starting keying</FONT>
<FONT COLOR="#000000">> attempt 2 of an unlimited number, but releasing whack</FONT>
<FONT COLOR="#000000">> Sep 27 16:44:51 ams pluto[15319]: "sonicwall" #3: initiating Quick Mode</FONT>
<FONT COLOR="#000000">> PSK+ENCRYPT+TUNNEL+PFS+UP to replace #2 {using isakmp#1}</FONT>
<FONT COLOR="#000000">> Sep 27 16:44:52 ams pluto[15319]: "sonicwall" #1: ignoring informational</FONT>
<FONT COLOR="#000000">> payload, type NO_PROPOSAL_CHOSEN</FONT>
<FONT COLOR="#000000">> Sep 27 16:44:52 ams pluto[15319]: "sonicwall" #1: received and ignored</FONT>
<FONT COLOR="#000000">> informational message</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Thanks in advance for any response,</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Bas.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">You'd also need to have the SNWL logs to know why it doesn't complete phase 2.</FONT>
<FONT COLOR="#000000">Also you'll need more info on the SNWL side, including what version of OS</FONT>
<FONT COLOR="#000000">they are using.</FONT>
<FONT COLOR="#000000">Lastly, if they have a halfway decent version, you will *not* be able to</FONT>
<FONT COLOR="#000000">use the GroupVPN SA, as that will require the SNWL VPN Client!...</FONT>
</PRE>
</BLOCKQUOTE>
Thanks Francesco. Will request the log files from the administrator.<BR>
<BR>
Can you please clarify GroupVPN SA versus VPN Client? All I need is a VPN client connection. If there is a different package that is easy to set up on Linux, that is the thing I want.<BR>
<BR>
Bas.<BR>
<BR>
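Added example (not part of the original message or of Openswan): a small Python triage of the pluto log format quoted above, reporting how far the IKE negotiation got and which negotiated Phase 1 parameters are weak. The function names, verdict strings and the weak-parameter table are assumptions of this example; the sample lines come from the quoted log with wrapped lines rejoined.<BR>

```python
import re
from collections import Counter

# Lines taken from the /var/log/secure excerpt quoted above, wrapped lines rejoined.
SAMPLE_LOG = """\
Sep 27 16:43:40 ams pluto[15319]: "sonicwall" #1: initiating Main Mode
Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768}
Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Sep 27 16:43:41 ams pluto[15319]: "sonicwall" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 27 16:44:51 ams pluto[15319]: "sonicwall" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

ENTRY = re.compile(r'pluto\[\d+\]: "([^"]+)" #\d+: (.*)')
SA_PARAMS = re.compile(r"ISAKMP SA established \{([^}]*)\}")
NOTIFY = re.compile(r"informational payload, type (\w+)")
# Assumption of this example: substrings marking a negotiated Phase 1 value as weak.
WEAK = {"cipher": ("_des_",), "prf": ("md5",), "group": ("modp768",)}


def verdict(r):
    """Classify one connection report (labels are this example's own)."""
    if r["phase1"] is None:
        return "phase1-not-established"
    if r["phase2_up"]:
        return "tunnel-up"
    if r["quick_attempts"] and r["notifications"]["NO_PROPOSAL_CHOSEN"]:
        return "phase2-proposal-rejected"
    if r["phase2_timeouts"]:
        return "phase2-no-response"
    return "phase2-pending"


def diagnose(log_text):
    """Return {connection name: report} for every connection seen in the log."""
    reports = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a per-connection pluto message
        conn, msg = m.groups()
        r = reports.setdefault(conn, {
            "phase1": None, "weak": [], "quick_attempts": 0,
            "phase2_up": False, "phase2_timeouts": 0, "notifications": Counter()})
        sa = SA_PARAMS.search(msg)
        notify = NOTIFY.search(msg)
        if sa:
            # Phase 1 done: keep the negotiated parameters and flag weak ones.
            params = dict(kv.split("=", 1) for kv in sa.group(1).split())
            r["phase1"] = params
            r["weak"] = sorted(f"{k}={v}" for k, v in params.items()
                               if any(w in v.lower() for w in WEAK.get(k, ())))
        elif "initiating Quick Mode" in msg:
            r["quick_attempts"] += 1
        elif "IPsec SA established" in msg:
            r["phase2_up"] = True
        elif "max number of retransmissions" in msg and "STATE_QUICK_I1" in msg:
            r["phase2_timeouts"] += 1
        elif notify:
            r["notifications"][notify.group(1)] += 1
    for r in reports.values():
        r["verdict"] = verdict(r)
    return reports


if __name__ == "__main__":
    for name, rep in diagnose(SAMPLE_LOG).items():
        print(name, rep["verdict"], rep["weak"])
```

A `phase2-proposal-rejected` verdict only localizes the failure to Quick Mode; which proposal attribute the peer refused still has to come from the peer's own log.<BR>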
</BODY>
</HTML>