I've posted the solution (minus XAUTH) in the list before. <br><br><a href="http://lists.openswan.org/pipermail/users/2007-March/012092.html">http://lists.openswan.org/pipermail/users/2007-March/012092.html</a><br><br>
There are a couple of things I need to update about that post. First, you don't need Racoon (in fact, Racoon breaks Openswan in this configuration) and you can set the "left" value to %defaultroute in the event that your local IP is set by DHCP.
<br><br>A couple of notes on my experience thus far:<br><br>-XAUTH and Openswan seem to be incompatible for reasons I haven't determined.<br>-You cannot require DHCP over VPN on the Sonicwall although you can allow both static IPs and DHCP.
<br>-I haven't gotten traffic flowing from the other side of the Sonicwall over the VPN (IOW no SSH yet). I'm sure it's possible. Just haven't spent more than 5 minutes on it.<br>-So far, only one PC per subnet seems to be able to connect via Openswan. If I connect my computer upstairs, the VPN downstairs goes down. Haven't explored this yet.
<br><br>There you go. Good luck. I hope you can draw inspiration from my Ubuntu configuration and apply it to Fedora Core.<br><br><div><span class="gmail_quote">On 5/16/07, <b class="gmail_sendername">Gaiseric Vandal</b> <
<a href="mailto:gaiseric.vandal@gmail.com">gaiseric.vandal@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I am attempting to connect to a Sonicwall Pro 2040 (with enhanced OS)
<br>from Openswan on Fedora Core 6. This is with PSK (PreShared Key) and<br>XAUTH authentication. (Alternately, I have also been trying to connect<br>with OpenSWAN as an L2TP client, but I will address that in a separate<br>
post.)<br><br>I am able to connect if I don't use XAUTH. (This means that I have<br>most of the settings correct.) If I use XAUTH I can get through Phase I<br>but I never get through XAUTH and onto Phase 2.<br><br>I have tried with both the RPM version of OpenSwan
2.4.7, as well as<br>compiling it myself. I compiled it with<br>USE_XAUTH?=true,<br>USE_NAT_TRAVERSAL?=true<br>USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true<br>USE_XAUTHPAM?=true<br><br>The configuration is as follows (the VPN user is "left.")
<br><br>__________________________________________________ _______________<br><br>conn xauth1<br>type=tunnel<br>#left=%defaultroute<br>left=192.168.1.x<br>leftsubnet=192.168.1.0/24<br>leftid=@GroupVPN
<br>leftxauthclient=yes<br>#right=%any<br>right=sonicwall.public.ip.address<br>rightsubnet=192.168.0.0/24<br>rightid=@pro2040<br>rightxauthserver=yes<br>keyingtries=0<br>pfs=no<br>auto=add
<br>auth=esp<br>esp=3des-sha1<br>ike=3des-sha1-modp1024<br>xauth=yes<br>authby=secret<br>aggrmode=no<br>dpddelay=5<br>dpdtimeout=60<br>dpdaction=clear<br><br>__________________________________________________ _______________
<br><br>I try to connect with either of the following commands<br><br># ipsec whack --name xauth1 --xauthname=myname --xauthpass=mypassword<br>--initiate<br># ipsec whack --name xauth1 --initiate<br><br><br>I had tried this in the past with the Sonicwall Pro100- again, I could
<br>only connect with XAUTH disabled.<br><br><br><br>-Thanks<br></blockquote></div><br>