<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; CHARSET=UTF-8">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi, I'm running 7 tunnels to a Sonicwall t170
Enhanced with no problems at all. If you send the Sonicwall configuration to
the list, I think I can help you. I'm sending (attached) my Ipsec.conf,
Ipsec.secrets and a screen capture of the Sonicwall config.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>---------------------------- ipsec.conf
----------------------------------------------------------------------------------</FONT></DIV>
<DIV><FONT face=Arial size=2>version 2.0 # conforms to second version
of ipsec.conf specification</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># basic configuration</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>config
setup<BR> interfaces=%defaultroute<BR> # Debug-logging controls:
"none" for (almost) none, "all" for
lots.<BR> klipsdebug=none<BR> plutodebug=none<BR> uniqueids=yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>conn block<BR>
auto=ignore<BR>conn private<BR> auto=ignore<BR>conn
private-or-clear<BR> auto=ignore<BR>conn
clear-or-private<BR> auto=ignore<BR>conn
clear<BR> auto=ignore<BR>conn
packetdefault<BR> auto=ignore</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>conn ToSonic<BR> type=tunnel<BR> auth=esp<BR> authby=secret<BR> auto=start<BR> pfs=yes<BR> dpddelay=60<BR> dpdtimeout=120<BR> dpdaction=clear<BR> left=%defaultroute<BR> leftsubnet=192.168.80.0/24<BR> right=xxx.xxx.xxx.xxx
# Sonicwall IP here<BR> rightsubnet=192.168.1.0/24<BR> keyexchange=ike</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>conn ToSonicwall2<BR> type=tunnel<BR> auto=route<BR> auth=esp<BR> authby=secret<BR> pfs=yes<BR> keyingtries=1<BR> dpddelay=60<BR> dpdtimeout=120<BR> dpdaction=clear <BR> left=%defaultroute<BR> leftsubnet=192.168.80.0/24<BR> right=xxx.xxx.xxx.xxx
# Sonicwall IP here<BR> rightsubnet=192.168.3.0/24<BR> keyexchange=ike</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>conn ToSonicwall3<BR> type=tunnel<BR> auto=route<BR> auth=esp<BR> authby=secret<BR> pfs=yes<BR> keyingtries=1<BR> dpddelay=60<BR> dpdtimeout=120<BR> dpdaction=clear<BR> left=%defaultroute<BR> leftsubnet=192.168.80.0/24<BR> right=xxx.xxx.xxx.xxx
# Sonicwall IP here<BR> rightsubnet=192.168.4.0/24<BR> keyexchange=ike</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>conn ToSonicwall4<BR> type=tunnel<BR> auto=route<BR> auth=esp<BR> authby=secret<BR> pfs=yes<BR> keyingtries=1<BR> dpddelay=60<BR> dpdtimeout=120<BR> dpdaction=clear <BR> left=%defaultroute<BR> leftsubnet=192.168.80.0/24<BR> right=xxx.xxx.xxx.xxx
# Sonicwall IP here<BR> rightsubnet=192.168.5.0/24<BR> keyexchange=ike</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>conn ToSonicwall5<BR> type=tunnel<BR> auto=route<BR> auth=esp<BR> authby=secret<BR> pfs=yes<BR> keyingtries=1<BR> dpddelay=60<BR> dpdtimeout=120<BR> dpdaction=clear <BR> left=%defaultroute<BR> leftsubnet=192.168.80.0/24<BR> right=216.41.108.242<BR> rightsubnet=192.168.6.0/24<BR> keyexchange=ike</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>conn ToSonicwall6<BR> type=tunnel<BR> auto=route<BR> auth=esp<BR> authby=secret<BR> pfs=yes<BR> keyingtries=1<BR> left=%defaultroute<BR> leftsubnet=192.168.80.0/24<BR> right=xxx.xxx.xxx.xxx
# Sonicwall IP here<BR> rightsubnet=192.168.7.0/24<BR> keyexchange=ike</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>conn ToSonicwall7</FONT></DIV>
<DIV><FONT face=Arial
size=2> type=tunnel<BR> auto=route<BR> auth=esp<BR> authby=secret<BR> pfs=yes<BR> keyingtries=1<BR> dpddelay=60<BR> dpdtimeout=120<BR> dpdaction=clear <BR> left=%defaultroute<BR> leftsubnet=192.168.80.0/24<BR> right=xxx.xxx.xxx.xxx
# Sonicwall IP here<BR> rightsubnet=192.168.8.0/24<BR> keyexchange=ike</FONT></DIV>
<DIV><FONT face=Arial
size=2> ------------------------------------------------------------------------------------------------------------------------</FONT></DIV>
<DIV><FONT face=Arial size=2>ipsec.secrets</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>: PSK "xxxxxxxxxxxxxxxxx" # Same as in Sonicwall
Textbox<BR></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>---- Original Message ----- </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=bas.driessen@xobas.com href="mailto:bas.driessen@xobas.com">Bas
Driessen</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=paul@xelerance.com
href="mailto:paul@xelerance.com">Paul Wouters</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=users@openswan.org
href="mailto:users@openswan.org">users@openswan.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, September 27, 2006 7:28
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Openswan Users] Openswan
Linux Client to SonicWallWindows Server.</DIV>
<DIV><BR></DIV>On Wed, 2006-09-27 at 16:51 +0200, Paul Wouters wrote:
<BLOCKQUOTE TYPE="CITE"><PRE><FONT color=#000000>On Wed, 27 Sep 2006, Bas Driessen wrote:</FONT>
<FONT color=#000000>> Going through the lists, I found out that DES is not supported by</FONT>
<FONT color=#000000>> default in OpenSwan, so I have re-compiled the package by setting the</FONT>
<FONT color=#000000>> USE_WEAKSTUFF?=true flag in the Makefile.inc and also corrected the line</FONT>
<FONT color=#000000>> to WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES in the Makefile of Pluto.</FONT>
<FONT color=#000000>> All compiles OK. I know that 3DES is better etc, but this is out of my</FONT>
<FONT color=#000000>> control. I have to get it to work with the current setup.</FONT>
<FONT color=#000000>You might also need to set USE_BROKEN=yes</FONT>
<FONT color=#000000>3DES is not "better". 1DES is trivially brute forced. You have no VPN. You</FONT>
<FONT color=#000000>better make sure your boss knows that, and gets it in writing, so that</FONT>
<FONT color=#000000>you can blame management for this unwise decision.</FONT>
<FONT color=#000000>> left=%defaultroute</FONT>
<FONT color=#000000>> leftsubnet=192.168.1.0/24</FONT>
<FONT color=#000000>> leftid=192.168.1.13</FONT>
<FONT color=#000000>> sonicwall.secrets</FONT>
<FONT color=#000000>></FONT>
<FONT color=#000000>> 192.168.1.13 66.nnn.nnn.nnn : PSK "abcdef"</FONT>
<FONT color=#000000>If your ip is actually 192.168.1.13 you cannot tunnel 192.168.1.0/24.</FONT>
<FONT color=#000000>you cannot be at two places at once.</FONT>
</PRE></BLOCKQUOTE><BR>Thanks Paul, I have changed my leftsubnet as
follows:<BR><BR>leftsubnet=192.168.1.13/32<BR><BR>Still same failing results.
All I need is to connect from a Linux PC as a client to a VPN
tunnel.<BR><BR>Will try the USE_BROKEN switch
now.<BR><BR>Thanks,<BR>Bas.<BR><BR><BR><BR>
</BLOCKQUOTE></BODY></HTML>
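Added example, not part of the original thread and not Openswan code: a small Python lint for Openswan-style conn sections. It generalizes Paul Wouters' remark about 192.168.1.13 and 192.168.1.0/24 into a check that leftsubnet and rightsubnet do not overlap, and it also flags conns that omit the DPD settings used in the ipsec.conf above. The sample config, the conn name LanClient and its rightsubnet are constructed for illustration, and the parser is a simplification of the real ipsec.conf grammar.

```python
import ipaddress
import re

# Constructed sample modeled on the conn sections in this thread.
SAMPLE_CONF = """\
conn ToSonic
    dpddelay=60
    dpdtimeout=120
    dpdaction=clear
    leftsubnet=192.168.80.0/24
    rightsubnet=192.168.1.0/24   # LAN behind the SonicWall
conn ToSonicwall6
    leftsubnet=192.168.80.0/24
    rightsubnet=192.168.7.0/24
conn LanClient
    dpddelay=60
    dpdtimeout=120
    dpdaction=clear
    leftsubnet=192.168.1.13/32
    rightsubnet=192.168.1.0/24
"""

def parse_conns(text):
    """Simplified parser: 'conn NAME' sections into {name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # strip comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif line[:1].isspace() and "=" in line and current is not None:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        elif line.strip():
            current = None  # another section type, e.g. "config setup"
    return conns

def lint(text):
    """Return {conn: [findings]}: overlapping subnets, incomplete DPD."""
    report = {}
    for name, p in parse_conns(text).items():
        findings = []
        if "leftsubnet" in p and "rightsubnet" in p:
            left = ipaddress.ip_network(p["leftsubnet"], strict=False)
            right = ipaddress.ip_network(p["rightsubnet"], strict=False)
            if left.overlaps(right):
                findings.append("leftsubnet overlaps rightsubnet")
        if not {"dpddelay", "dpdtimeout", "dpdaction"}.issubset(p):
            findings.append("DPD not fully configured")
        report[name] = findings
    return report
```

Calling lint() on the text of a real ipsec.conf returns one list of findings per conn; an empty list means neither check fired.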