So long as you are trying to use XAUTH with SonicWall, it will not work. Period. I don&#39;t know which side of the equation has the issue, but it is what it is.<br><br><br><br><div><span class="gmail_quote">On 7/4/07, <b class="gmail_sendername">
Rick Knight</b> &lt;<a href="mailto:rick_knight@rlknight.com">rick_knight@rlknight.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Still trying to get my Linux box to connect to my SonicWall VPN at work.<br>I think I&#39;m getting close. I get to a point where SonicWall is waiting<br>for a response but not getting any. I can see in my firewall logs where
<br>my Linux box is responding, but instead of sending to the SonicWall<br>public IP it&#39;s sending to 10.1.0.11. I don&#39;t have anything on either end<br>at 10.1.x.x. Where is this coming from? I&#39;ve checked all of the
<br>Openswan and my own network settings, but I don&#39;t see 10.1.0.11 anywhere.<br><br>Thanks for any help.<br><br>I&#39;m running Kubuntu Feisty 7.04, Kernel 2.6.20, Openswan 2.4.8, also<br>
tried 2.4.6 with same results.<br><br>ipsec.conf &#39;conn sonicwall&#39; section<br><br>conn sonicwall<br>
&nbsp;&nbsp;&nbsp;&nbsp;type=tunnel<br>
&nbsp;&nbsp;&nbsp;&nbsp;left=172.16.88.25<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftnexthop=172.16.88.2<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftsubnet=172.16.88.0/23<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftxauthclient=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftid=@myid<br>
&nbsp;&nbsp;&nbsp;&nbsp;right=vpn.public.ip.addr<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightsubnet=192.168.0.0/24<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightxauthserver=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightid=@vpnid<br>
&nbsp;&nbsp;&nbsp;&nbsp;keyingtries=0<br>
&nbsp;&nbsp;&nbsp;&nbsp;pfs=no<br>
&nbsp;&nbsp;&nbsp;&nbsp;aggrmode=no<br>
&nbsp;&nbsp;&nbsp;&nbsp;auto=add<br>
&nbsp;&nbsp;&nbsp;&nbsp;auth=esp<br>
&nbsp;&nbsp;&nbsp;&nbsp;ike=3des-sha1<br>
&nbsp;&nbsp;&nbsp;&nbsp;esp=3des-sha1<br>
&nbsp;&nbsp;&nbsp;&nbsp;authby=secret<br>
&nbsp;&nbsp;&nbsp;&nbsp;xauth=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;keyexchange=ike<br><br><br><br>Output of # ipsec auto --up&nbsp;&nbsp;sonicwall<br><br>104 &quot;sonicwall&quot; #5: STATE_MAIN_I1: initiate<br>003 &quot;sonicwall&quot; #5: ignoring unknown Vendor ID payload [5b362bc820f60001]
<br>003 &quot;sonicwall&quot; #5: received Vendor ID payload<br>[draft-ietf-ipsec-nat-t-ike-03] method set to=108<br>106 &quot;sonicwall&quot; #5: STATE_MAIN_I2: sent MI2, expecting MR2<br>003 &quot;sonicwall&quot; #5: ignoring unknown Vendor ID payload [404bf439522ca3f6]
<br>003 &quot;sonicwall&quot; #5: received Vendor ID payload [XAUTH]<br>003 &quot;sonicwall&quot; #5: received Vendor ID payload [Dead Peer Detection]<br>003 &quot;sonicwall&quot; #5: NAT-Traversal: Result using<br>draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
<br>108 &quot;sonicwall&quot; #5: STATE_MAIN_I3: sent MI3, expecting MR3<br>003 &quot;sonicwall&quot; #5: discarding duplicate packet; already STATE_MAIN_I3<br>010 &quot;sonicwall&quot; #5: STATE_MAIN_I3: retransmission; will wait 20s for
<br>response<br>003 &quot;sonicwall&quot; #5: ignoring informational payload, type INVALID_COOKIE<br>003 &quot;sonicwall&quot; #5: received and ignored informational message<br>010 &quot;sonicwall&quot; #5: STATE_MAIN_I3: retransmission; will wait 40s for
<br>response<br>003 &quot;sonicwall&quot; #5: ignoring informational payload, type INVALID_COOKIE<br>003 &quot;sonicwall&quot; #5: received and ignored informational message<br>031 &quot;sonicwall&quot; #5: max number of retransmissions (2) reached
<br>STATE_MAIN_I3.&nbsp;&nbsp;Possible authentication failure: no acceptable response<br>to our first encrypted message<br>000 &quot;sonicwall&quot; #5: starting keying attempt 2 of an unlimited number,<br>but releasing whack<br><br>
<br>Relevant section of SonicWall VPN log (x.x.x.x = VPN public IP, z.z.z.z<br>= my private IP)<br><br>18&nbsp;&nbsp;&nbsp;&nbsp;07/04/2007 12:41:15.064&nbsp;&nbsp;&nbsp;&nbsp;Info&nbsp;&nbsp;&nbsp;&nbsp;VPN IKE&nbsp;&nbsp;&nbsp;&nbsp;NAT Discovery : Peer<br>IPSec Security Gateway behind a NAT/NAPT Device
<br>19&nbsp;&nbsp;&nbsp;&nbsp;07/04/2007 12:41:15.000&nbsp;&nbsp;&nbsp;&nbsp;Info&nbsp;&nbsp;&nbsp;&nbsp;VPN IKE&nbsp;&nbsp;&nbsp;&nbsp;IKE Responder:<br>Received Main Mode request (Phase 1)&nbsp;&nbsp;&nbsp;&nbsp;z.z.z.z, 1 (stroadmin)<br>x.x.x.x, 500<br>HTTPS<br>23&nbsp;&nbsp;&nbsp;&nbsp;07/04/2007 12:36:47.544&nbsp;&nbsp;&nbsp;&nbsp;Info&nbsp;&nbsp;&nbsp;&nbsp;VPN IKE&nbsp;&nbsp;&nbsp;&nbsp;IKE Responder: No
<br>response - remote party timeout&nbsp;&nbsp;&nbsp;&nbsp;x.x.x.x, 500&nbsp;&nbsp;&nbsp;&nbsp;z.z.z.z, 500<br>24&nbsp;&nbsp;&nbsp;&nbsp;07/04/2007 12:36:47.544&nbsp;&nbsp;&nbsp;&nbsp;Info&nbsp;&nbsp;&nbsp;&nbsp;VPN IKE&nbsp;&nbsp;&nbsp;&nbsp;IKE SA lifetime<br>expired.&nbsp;&nbsp;&nbsp;&nbsp;x.x.x.x&nbsp;&nbsp;&nbsp;&nbsp;z.z.z.z<br>25&nbsp;&nbsp;&nbsp;&nbsp;07/04/2007 12:36:42.608&nbsp;&nbsp;&nbsp;&nbsp;Info&nbsp;&nbsp;&nbsp;&nbsp;VPN IKE&nbsp;&nbsp;&nbsp;&nbsp;NAT Discovery : Peer
<br>IPSec Security Gateway behind a NAT/NAPT Device<br>
</blockquote></div><br>