Make sure your encryption settings on your Sonicwall match what you are using here. Also, make sure you have turned off XAUTH for your GroupVPN. Have you read my posting on how I got it working for Sonicwall?<br><br><div><span class="gmail_quote">
On 6/15/07, <b class="gmail_sendername">Rick Knight</b> <<a href="mailto:rick_knight@rlknight.com">rick_knight@rlknight.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm trying to establish a connection to a SonicWall 3060 Enhanced<br>firewall using Openswan 2.3. I have several documents describing how to<br>do this, but for some reason I can't make it work. Can someone take a
<br>look at my settings and tell me what I've missed or gotten wrong? Below<br>is my ipsec.conf and several lines of output generated when I try to<br>connect.<br><br>My ipsec.conf<br># /etc/ipsec.conf - Openswan IPsec configuration file
<br># RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $<br><br># This file: /usr/share/doc/openswan/ipsec.conf-sample<br>#<br># Manual:
ipsec.conf.5<br><br><br>version 2.0 # conforms to second version of ipsec.conf specification<br><br># basic configuration<br>config setup<br> # plutodebug / klipsdebug = "all", "none" or a combination from below:
<br> # "raw crypt parsing emitting control klips pfkey natt x509 private"<br> # eg:<br> # plutodebug="control parsing"<br> #<br> # Only enable klipsdebug=all if you are a developer<br> #
<br> # NAT-TRAVERSAL support, see README.NAT-Traversal<br> nat_traversal=yes<br> # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
<br><br># Add connections here<br><br>conn sonicwall<br> type=tunnel<br> left=172.16.88.25<br> leftnexthop=172.16.88.2<br> leftsubnet=172.16.88.0/23<br> leftxauthclient=yes<br> leftid=@localID<br> right=x.x.x.x<br> rightsubnet=192.168.0.0/24<br> rightxauthserver=yes<br> rightid=@uniqueID<br> keyingtries=0
<br> pfs=no<br> aggrmode=no<br> auto=add<br> auth=esp<br> ike=3des-sha1<br> esp=3des-sha1<br> authby=secret<br> #xauth=yes<br> keyexchange=ike<br><br>#Disable Opportunistic Encryption<br>#include /etc/ipsec.d/examples/no_oe.conf
<br><br>My ipsec.secrets contains this...<br>@localID @uniqueID : PSK "secret"<br><br>Output of # ipsec auto --up sonicwall<br>104 "sonicwall" #2: STATE_MAIN_I1: initiate<br>003 "sonicwall" #2: ignoring unknown Vendor ID payload [5b362bc820f60001]
<br>003 "sonicwall" #2: received Vendor ID payload<br>[draft-ietf-ipsec-nat-t-ike-03] method set to=108<br>106 "sonicwall" #2: STATE_MAIN_I2: sent MI2, expecting MR2<br>003 "sonicwall" #2: ignoring unknown Vendor ID payload [404bf439522ca3f6]
<br>003 "sonicwall" #2: received Vendor ID payload [XAUTH]<br>003 "sonicwall" #2: received Vendor ID payload [Dead Peer Detection]<br>003 "sonicwall" #2: NAT-Traversal: Result using<br>draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
<br>108 "sonicwall" #2: STATE_MAIN_I3: sent MI3, expecting MR3<br>003 "sonicwall" #2: Mode Config message is unacceptable because it is<br>for an incomplete ISAKMP SA (state=STATE_MAIN_I3)<br>010 "sonicwall" #2: STATE_MAIN_I3: retransmission; will wait 20s for
<br>response<br>004 "sonicwall" #2: STATE_MAIN_I4: ISAKMP SA established<br>{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha<br>group=modp1024}<br>003 "sonicwall" #2: next payload type of ISAKMP Hash Payload has an
<br>unknown value: 255<br>003 "sonicwall" #2: malformed payload in packet<br>003 "sonicwall" #2: next payload type of ISAKMP Hash Payload has an<br>unknown value: 255<br>003 "sonicwall" #2: malformed payload in packet
<br><br>Can someone please help me out?<br><br>Thanks,<br>Rick Knight<br></blockquote></div><br>
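Added example (not part of the original thread and not Openswan code): a small Python check that gathers what the reply says to compare against the SonicWall GroupVPN policy, namely the conn's proposal settings and any enabled XAUTH options, alongside what the pluto output reports. The sample config and log are constructed, abridged from the quoted message; `parse_conn` and `review` are hypothetical helper names.

```python
import re

# Constructed sample input, abridged from the ipsec.conf and pluto output quoted above.
SAMPLE_CONF = """\
conn sonicwall
    type=tunnel
    leftxauthclient=yes
    rightxauthserver=yes
    pfs=no
    aggrmode=no
    ike=3des-sha1
    esp=3des-sha1
    authby=secret
    #xauth=yes
"""
SAMPLE_LOG = """\
003 "sonicwall" #2: received Vendor ID payload [XAUTH]
004 "sonicwall" #2: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
003 "sonicwall" #2: malformed payload in packet
"""

def parse_conn(text, name):
    """Return active key=value options of 'conn <name>'; comments are skipped."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section headers start in column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def review(conf, log, name):
    """Collect what to compare with the peer's policy (hypothetical helper)."""
    opts = parse_conn(conf, name)
    sa_at = log.find("ISAKMP SA established")
    return {
        "proposals": {k: opts.get(k) for k in ("ike", "esp", "pfs", "aggrmode")},
        "xauth_options": sorted(k for k, v in opts.items() if "xauth" in k and v == "yes"),
        "peer_offers_xauth": "Vendor ID payload [XAUTH]" in log,
        "negotiated": re.findall(r"\{(auth=[^}]*)\}", log),
        "malformed_after_sa": sa_at != -1 and "malformed payload" in log[sa_at:],
    }

if __name__ == "__main__":
    for item, value in review(SAMPLE_CONF, SAMPLE_LOG, "sonicwall").items():
        print(f"{item}: {value}")
```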