I posted here what seems like long ago about not being able to get Openswan talking to a Sonicwall 2040 running SonicOS Enhanced. I just got it working. I'm sorry to say the explanation may not help many since this is distro specific. But hopefully you can draw inspiration from it.
<br><br>Firewall<br>----------<br>Sonicwall 2040<br>SonicOS Enhanced 3.2.0.3-54e<br><br>WAN GroupVPN<br>---------------------<br>(General)<br><br>IKE using Preshared Secret<br><br>(Proposals)<br><br>[IKE Phase 1]<br>Group 5
<br>AES-128<br>SHA1<br>3600<br>[IPSec Phase 2]<br>ESP<br>AES-128<br>SHA1<br>[PFS]<br>Disabled<br><br>(Advanced)<br><br>[Advanced Settings]<br>NetBIOS Disabled<br>Multicast Disabled<br>Default Gateway: 0.0.0.0
<br>[Client Authentication]<br>Disabled<br><br>[User/Password Caching]<br>NEVER<br>[Client Connections]<br>DHCP Lease or Manual Configuration<br>All Secured Gateways<br>Set Default Route as this Gateway Enabled
<br>Apply VPN Access List Disabled<br>Require Global Security Client Disabled<br>[Client Initial Provisioning]<br>Use Default Key Disabled<br><br>VPN Advanced Settings<br>------------------------------<br><br>IKE Dead Peer Detection Enabled
<br>NAT Traversal Enabled<br>Clean up Active Tunnels Enabled<br>(All others disabled)<br><br>Client<br>--------<br><br>Ubuntu 7.04 Feisty (Herd 5)<br>Openswan appears to be 2.4.6<br>IPSec Patches Applied<br>Racoon installed (not sure if this is needed)
<br><br>/etc/ipsec.conf<br>-------------------<br><br>config setup<br> interfaces="ipsec0=eth0"<br> nat_traversal=yes<br> nhelpers=0<br><br><br>conn sonicwall<br> type=tunnel
<br> left=my.eth0.ip.address<br> leftnexthop=my.home.router.inside.ip<br> leftsubnet=my.home.network.subnet/24<br> leftid=@GroupVPN<br> right=my.sonicwall.public.ip
<br> rightsubnet=my.sonicwall.private.subnet/24<br> rightid=@my.sonicwall.unique.id<br> keyingtries=0<br> pfs=no<br> aggrmode=no<br> auto=add<br> auth=esp<br> ike=aes128-sha1
<br> esp=aes128-sha1<br> authby=secret<br> xauth=no<br> keyexchange=ike<br><br>/etc/ipsec.secrets<br>-----------------------<br><br>: PSK "my.shared.secret"<br><br>connection command<br>
----------------------------<br><br>sudo ipsec whack --name sonicwall --listen --initiate<br><br><br>Notes<br>--------<br><br>*DHCP doesn't work. I wish it did. Does anyone know how to get it working? Yes, it is enabled on the Sonicwall.
<br>*Not surprisingly, traffic is not being passed to a remote network connected to this Sonicwall via another Sonicwall since there are no routes in between and I am not getting a private DHCP address for the remote network.
<br>*There may be more optimal settings; this is only a representation of how I got it working.<br>*I removed the @GroupVPN and @my.sonicwall.unique.id from my ipsec.secrets file because I was getting a strange error. I had a typo in my rightid and using this setting helped discover that. It should still work if they are added back in.
<br><br>Good luck!<br>
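
The last note turns on how a PSK entry in ipsec.secrets is chosen for a connection: per ipsec.secrets(5), an entry with no index matches any host and peer, and an entry with several indices matches only when both the local ID and the peer ID are among them. The sketch below is an added example, not part of the original post or of Openswan; it applies that rule to the post's leftid/rightid placeholders with a constructed typo in rightid. The function names are hypothetical and the matching is simplified (literal string IDs only; no %any, IP-address indices or include lines).

```python
import re

def parse_conn_ids(conf_text, conn):
    """Return (leftid, rightid) of one conn section in ipsec.conf text."""
    ids, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # header such as "conn sonicwall"
            section = line.split()
        elif section == ["conn", conn] and "=" in line:
            key, value = line.strip().split("=", 1)
            ids[key.strip()] = value.strip().strip('"')
    return ids.get("leftid"), ids.get("rightid")

def parse_psk_indices(secrets_text):
    """Return the index list of every PSK entry; the secrets are not kept."""
    found = []
    for line in secrets_text.splitlines():
        m = re.match(r'^([^:#]*):\s*PSK\s+"[^"]*"', line)
        if m:
            found.append(m.group(1).split())
    return found

def select_entry(entries, host_id, peer_id):
    """Most specific matching entry as (specificity, indices), or None."""
    best = None
    for idx in entries:
        if not idx:
            score = 0                        # no index: matches any host and peer
        elif len(idx) == 1:
            score = 1 if idx[0] == host_id else None
        else:
            score = 2 if host_id in idx and peer_id in idx else None
        if score is not None and (best is None or score > best[0]):
            best = (score, idx)
    return best

# Constructed sample: the post's placeholders, with a typo in rightid.
CONF = """conn sonicwall
    leftid=@GroupVPN
    rightid=@my.sonicwal.unique.id
"""
PINNED = '@GroupVPN @my.sonicwall.unique.id : PSK "my.shared.secret"\n'
WILDCARD = ': PSK "my.shared.secret"\n'

if __name__ == "__main__":
    ids = parse_conn_ids(CONF, "sonicwall")
    print("pinned entry  :", select_entry(parse_psk_indices(PINNED), *ids))
    print("wildcard entry:", select_entry(parse_psk_indices(WILDCARD), *ids))
```

With the mistyped rightid, the ID-pinned entry yields no secret for the connection, while the bare `: PSK` entry is selected regardless of either ID. Once the IDs are correct, the pinned form restricts the secret to this one host and peer pair.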