Oh and you can use %defaultroute instead of your current IP address in case you are using DHCP on your local LAN.<br><br><div><span class="gmail_quote">On 10/2/07, <b class="gmail_sendername">Marius Schrecker</b> <<a href="mailto:marius@schrecker.org">
marius@schrecker.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>><br>> Hello Paul W,<br>><br>> Thank you for the suggestions, unfortunately, upgrading to 2.4.9 did not<br>> change the behaviour.<br>><br>> I also tried the modecfgpull=yes ( I also tried adding<br>
> leftmodecfgclient=yes ) but no luck with either of these.<br>><br>> I still see the "Mode Config message is unacceptable..."; This might<br>> indicate that modecfgpull is not going to work?<br>>
<br>> ipsec verify asked me to turn off "enforced SElinux mode" which I also<br>> tried.<br>><br>> I will check the Sonicwall f/w version at work Monday.<br>><br>> Thanks again for the suggestions;
<br>><br>> PdP<br>><br>> Paul Wouters wrote:<br>>> On Sat, 29 Sep 2007, paul pantages wrote:<br>>><br>>>> [root@rigel pdp]# ipsec verify<br>>>> Checking your system to see if IPsec got installed and started
<br>>>> correctly:<br>>>> Version check and ipsec on-path [OK]<br>>>> Linux Openswan U2.4.5/K2.6.20-1.2962.fc6 (netkey)<br>>><br>>> You should upgrade and try this with openswan
2.4.9.<br>>><br>>>> conn myclient<br>>>> left=172.16.1.35<br>>>> leftsubnet=172.16.1.35/32<br>>><br>>> Leave out the leftsubnet. Otherwise it seems fine.
<br>>> You could try adding modecfgpull=yes?<br>>><br>>>> STATE_MAIN_I3<br>>>> 108 "myclient" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>>>> 003 "myclient" #1: Mode Config message is unacceptable because it is
<br>>>> for<br>>>> an incomplete ISAKMP SA (state=STATE_MAIN_I3)<br>>><br>>> Odd. That might suggest a buggy implementation on the Sonic Wall. Can<br>>> you see if you are running the latest firmware?
<br>>><br>>> Paul<br>><br>I'm having trouble configuring vpn from OpenSwan to Sonicwall TZ 170<br>fw: 3.1.0.12-86s, so am interested in hearing from anyone who has a working<br>configuration.<br><br>My problem is that the OpenSwan client doesn't get an IP on the vpn
<br>subnet. Was interested to read (above) that "leftsubnet" should be left<br>out.<br><br>Does anyone have a working config (preferably for an OpenSwan RoadWarrior<br>authenticating against SonicWall OS standard)?
<br><br>Cheers<br><br>Marius<br>_______________________________________________<br><a href="mailto:Users@openswan.org">Users@openswan.org</a><br><a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users
</a><br></blockquote></div><br>