What is the method of using static IP&#39;s for VPN clients?&nbsp; Since DHCP clients are not well supported, how can I assign my IP once the tunnel is established?<br><br>Surely someone has run into this issue...<br><br><div class="gmail_quote">
On Fri, Apr 25, 2008 at 1:17 PM, Chris Zimmerman &lt;<a href="mailto:czimmer@wczimmerman.dyndns.org">czimmer@wczimmerman.dyndns.org</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The remote Sonicwall doesn&#39;t support L2TP (from what I can tell in the administration).&nbsp; Is there a way that I can &quot;fake&quot; the IP stack out to use a remote IP locally?&nbsp; Perhaps with some sort of smoke and mirrors with tun/tap devices and some hard routes (proxy arp, too)?&nbsp; I have tried doing device aliases but that does not seem to work (i.e. if my internet device is ppp0, configuring a ppp0:0 with <a href="http://192.168.1.152/24" target="_blank">192.168.1.152/24</a>).&nbsp; <br>

<br>From what I can tell with the feedback I&#39;ve been given, this issue looks like a routing problem on the devices on the <a href="http://192.168.2.0" target="_blank">192.168.2.0</a> network.&nbsp; In other words, if I try to ping <a href="http://192.168.2.85" target="_blank">192.168.2.85</a> the device cannot reply back to me because I&#39;m connected with my internet address and the device will try to reply using its normal default gw.&nbsp; <br>

<br>Grasping at straws here...<div><div></div><div class="Wj3C7c"><br><br><div class="gmail_quote">On Fri, Apr 25, 2008 at 12:29 PM, Peter McGill &lt;<a href="mailto:petermcgill@goco.net" target="_blank">petermcgill@goco.net</a>&gt; wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">




<div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">Only way I know of using&nbsp;openswan&nbsp;is to use 
xl2tpd.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">IPSec doesn&#39;t handle virtual IPs.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">L2TP does.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">That&#39;s how Windows IPSec works, it&#39;s actually 
L2TP/IPSec.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">L2TP running on top of IPSec for 
security.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">Look for Jacco&#39;s docs on setting up l2tp client&nbsp;with 
ipsec.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">Specifically&nbsp;it&#39;s recommended to use xl2tpd (from 
xelerance,</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">the makers of openswan) with openswan.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">Note that I haven&#39;t done this myself, so I&#39;m cc&#39;ing the 
list, in</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">case someone else has better or more specific advice 
here.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2"></font></span>&nbsp;</div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">Note, your openswan version is a little out of 
date...</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="Arial" size="2">I think 2.4.11 is the official stable 
version.</font></span></div>
<div><font color="#0000ff" face="Arial" size="2"></font>&nbsp;</div>
<div align="left"><font face="Arial" size="2">Peter McGill</font></div>
<div>&nbsp;</div><br>
<blockquote style="border-left: 2px solid rgb(0, 0, 255); padding-left: 5px; margin-left: 5px; margin-right: 0px;">
  <div dir="ltr" align="left" lang="en-us">
  <hr>
  <font face="Tahoma" size="2"><div><b>From:</b> Chris Zimmerman 
  [mailto:<a href="mailto:czimmer@wczimmerman.dyndns.org" target="_blank">czimmer@wczimmerman.dyndns.org</a>] <br></div><b>Sent:</b> April 25, 2008 3:15 
  PM<div><div></div><div><br><b>To:</b> <a href="mailto:petermcgill@goco.net" target="_blank">petermcgill@goco.net</a><br><b>Subject:</b> Re: [Openswan Users] 
  Anyone? Anyone? &quot;Roadwarrior&quot; to SonicWall VPNrouting 
  issues<br></div></div></font><br></div><div><div></div><div>
  <div></div>Ah-then that may be the issue.&nbsp; My presence on the remote LAN 
  is with my Internet IP.&nbsp; The other Windows clients that connect to this 
  VPN using the Sonicwall client are assigned a dynamic address which is on the 
  local LAN&nbsp; (192.168.1.x) and the client also creates routes at connection 
  time to allow them to navigate through to the <a href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</a> and other remote 
  networks.&nbsp; <br><br>So-how can I assign a &quot;local&quot; ip to my 
  connection?&nbsp; Is this even possible?&nbsp; <br><br>Thanks so much again 
  for your help.&nbsp; <br><br>
  <div class="gmail_quote">On Fri, Apr 25, 2008 at 12:10 PM, Peter McGill &lt;<a href="mailto:petermcgill@goco.net" target="_blank">petermcgill@goco.net</a>&gt; wrote:<br>
  <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
    <div>
    <p><span lang="en-us"><font color="#0000ff" face="Arial" size="2">I cannot see 
    anything wrong here, everything looks correct.</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">Your connections are 
    connected successfully,</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">You have no firewall rules blocking 
    traffic,</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">The routes have been put in by IPSec.</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">Are you sure it&#39;s not a 
    routing problem on the other side of the SonicWall?</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">Ie) The computers in the 
    2.0 net and/or their gateway, will need to know to send</font></span> 
    <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">Traffic destined 
    for your ip address (68.27..) to the SonicWall (or 1.0 net) for 
    delivery,</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">And not to their usual internet connection (assuming it isn&#39;t the 
    SonicWall.)</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">Try sniffing the traffic at the lan side of the 
    SonicWall; do your tests for 2.0 appear but</font></span> <br><span lang="en-us"><font color="#0000ff" face="Arial" size="2">without 
    responses?</font></span> </p><br>
    <p><span lang="en-us"><font face="Arial" size="2">Peter McGill</font></span> 
    </p><br>
    <ul>
      <p></p>
      <div><span lang="en-us"><font face="Tahoma" size="1">_____________________________________________ 
      </font></span><br><span lang="en-us"><b><font face="Tahoma" size="1">From: 
      &nbsp;</font></b> <font face="Tahoma" size="1">Chris Zimmerman 
      [</font></span><a href="mailto:czimmer@wczimmerman.dyndns.org" target="_blank"><span lang="en-us"><u><font color="#0000ff" face="Tahoma" size="1">mailto:czimmer@wczimmerman.dyndns.org</font></u></span></a><span lang="en-us"><font face="Tahoma" size="1">] </font></span><br>

</div><span lang="en-us"><b><font face="Tahoma" size="1">Sent:&nbsp;&nbsp;</font></b> <font face="Tahoma" size="1">April 25, 2008 2:27 PM</font></span> <br>
      <div><span lang="en-us"><b><font face="Tahoma" size="1">To:&nbsp;&nbsp;&nbsp;&nbsp;</font></b> <font face="Tahoma" size="1"><a href="mailto:petermcgill@goco.net" target="_blank">petermcgill@goco.net</a></font></span> <br><span lang="en-us"><b><font face="Tahoma" size="1">Subject:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font></b> <font face="Tahoma" size="1">Re: [Openswan Users] Anyone? Anyone? &quot;Roadwarrior&quot; to 
      SonicWall VPNrouting issues</font></span> </div>
      <p><span lang="en-ca"><font face="Arial">See attached.
      <div><br><br>I did scrub the file a bit (to protect the 
      innocent) and the only deviation from my original post/IP&#39;s is that my 
      Sonicwall device is </div></font></span><a href="http://63.63.63.63" target="_blank"><span lang="en-ca"><u><font color="#0000ff" face="Arial">63.63.63.63</font></u></span></a><span lang="en-ca"><font face="Arial"> in the output file rather than </font></span><a href="http://1.1.1.1" target="_blank"><span lang="en-ca"><u><font color="#0000ff" face="Arial">1.1.1.1</font></u></span></a><span lang="en-ca"><font face="Arial">.&nbsp; If the scrubbing makes things more confusing, then I 
      can send the original output to you as well.&nbsp; I wasn&#39;t comfortable 
      with sending that info to the whole 
      list.<br><br>Thanks!<br><br><br><br></font></span>
      </p><p></p>
      <div><br><span lang="en-ca"><font face="Arial">On Fri, Apr 25, 
      2008 at 11:23 AM, Peter McGill &lt;</font></span><a href="mailto:petermcgill@goco.net" target="_blank"><span lang="en-ca"><u><font color="#0000ff" face="Arial">petermcgill@goco.net</font></u></span></a><span lang="en-ca"><font face="Arial">&gt; wrote:<br>

</font></span></div>
      <div>
      <ul>
        <p><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">Other people 
        might appreciate not receiving a large barf, so it may be best to try 
        just me</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">first, unless I cannot resolve your 
        problem.</font></span> <br><span lang="en-ca"><font face="Arial">&nbsp;</font></span> <br><span lang="en-ca"><font face="Arial" size="2">Peter McGill</font></span> <br><span lang="en-ca"><font face="Arial">&nbsp;</font></span> </p>

<br></ul>
      <p align="justify"><u><span lang="en-us"><font face="Courier New">&nbsp;</font><font face="Courier New"> _____ 
      &nbsp;<br></font></span></u></p></div>
      <ul>
        <ul>
          <p><span lang="en-us"><b><font face="Tahoma" size="2">From:</font></b><font face="Tahoma" size="2"> Chris Zimmerman [</font></span><a href="mailto:czimmer@wczimmerman.dyndns.org" target="_blank"><span lang="en-us"><font face="Tahoma" size="2">mailto:</font><u><font color="#0000ff" face="Tahoma" size="2">czimmer@wczimmerman.dyndns.org</font></u></span></a><span lang="en-us"><font face="Tahoma" size="2">]<br>

</font>
          <div>
          <div></div>
          <div><b><font face="Tahoma" size="2">Sent:</font></b><font face="Tahoma" size="2"> April 25, 2008 2:16 PM<br></font><b><font face="Tahoma" size="2">To:</font></b><font face="Tahoma" size="2"> 
          </font></div></div></span><a href="mailto:petermcgill@goco.net" target="_blank"><span lang="en-us"><u><font color="#0000ff" face="Tahoma" size="2">petermcgill@goco.net</font></u></span></a>
          </p><p></p>
          <div>
          <div></div>
          <div><span lang="en-us"><br><b><font face="Tahoma" size="2">Subject:</font></b><font face="Tahoma" size="2"> Re: [Openswan 
          Users] Anyone? Anyone? &quot;Roadwarrior&quot; to SonicWall VPNrouting 
          issues<br></font><br></span><br><span lang="en-ca"><font face="Arial">Would you rather I post the output of ipsec barf on the 
          list or to you directly?<br><br>Thanks!<br><br></font></span><br><span lang="en-ca"><font face="Arial">On Fri, Apr 25, 2008 at 10:35 AM, Peter 
          McGill &lt;</font></span><a href="mailto:petermcgill@goco.net" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">petermcgill@goco.net</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial">&gt; 
          wrote:<br></font></span></div></div>
          <div>
          <div></div>
          <div>
          <ul>
            <p><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">Well I&#39;ve 
            never worked with XAUTH or a SonicWall specifically, but two general 
            suggestions.</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">1) This might just be an email typo, 
            but...</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">conn net2</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">&nbsp;&nbsp;&nbsp; 
            rightsubnet=</font></span><a href="http://192.168.2.0" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial" size="2">192.168.2.0</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"></span> <br>

<span lang="en-ca"><font color="#0000ff" face="Arial" size="2">should 
            be</font></span> <br><span lang="en-ca"><font face="Arial">&nbsp;&nbsp;&nbsp; </font><font color="#0000ff" face="Arial" size="2">rightsubnet=</font></span><a href="http://192.168.2.0/24" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial" size="2">192.168.2.0/24</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"></span> <br>

<span lang="en-ca"><font face="Arial">&nbsp;</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">Otherwise from the 
            information provided, I cannot see any problems, so...</font></span> 
            <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">2) Give 
            us more information.</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">The output of...</font></span> 
            <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">ipsec 
            barf</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">Preferably in an attachment and not the email 
            body.</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">Note from man ipsec_barf:</font></span> </p>
            <p><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">&nbsp;&nbsp;&nbsp; Barf&nbsp; censors&nbsp; its output, 
            replacing keys and secrets with brief check-<br>&nbsp;&nbsp;&nbsp; 
            sums to avoid revealing sensitive information.</font></span> 
            <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">Also send 
            us the SonicWall configuration information (without keys of 
            course).</font></span> <br><span lang="en-ca"><font face="Arial">&nbsp;</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">As for your firewall question, You 
            need to allow the following in/out connections:</font></span> 
            <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">udp/isakmp (proto 17 port 500)</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">esp (proto 
            50)</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">And if using NAT-T</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">udp/4500 (proto 17 
            port 4500)</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">If the firewall is on the same computer as 
            IPSec, then you&#39;ll also need to allow,</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">the private 
            tunnelled traffic ie) to/from </font></span><a href="http://192.168.1.0/24" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial" size="2">192.168.1.0/24</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font color="#0000ff" face="Arial" size="2"> and </font></span><a href="http://192.168.2.0/24" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial" size="2">192.168.2.0/24</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">.</font></span> <br>

<span lang="en-ca"><font color="#0000ff" face="Arial" size="2">If you&#39;re using SNAT or MASQUERADE on 
            your IPSec device, you&#39;ll need to exempt,</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">the private 
            tunnelled traffic from that.</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">If the firewall is 
            on a different computer between IPSec endpoints, then you&#39;ll need 
            to</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">forward the above isakmp, esp and possibly NAT-T inbound to 
            the IPSec router to accept</font></span> <br><span lang="en-ca"><font color="#0000ff" face="Arial" size="2">connections from the other 
            side.</font></span> <br><span lang="en-ca"><font face="Arial">&nbsp;</font></span> <br><span lang="en-ca"><font face="Arial" size="2">Peter McGill</font></span> <br><span lang="en-ca"><font face="Arial">&nbsp;</font></span> 
          </p><br></ul></div></div></ul></ul>
      <p align="justify"><u><span lang="en-us"><font face="Courier New">&nbsp;</font><font face="Courier New"> _____ 
      &nbsp;<br></font></span></u></p>
      <ul>
        <ul>
          <ul>
            <ul>
              <p><span lang="en-us"><b><font face="Tahoma" size="2">From:</font></b><font face="Tahoma" size="2"> </font></span><a href="mailto:users-bounces@openswan.org" target="_blank"><span lang="en-us"><u><font color="#0000ff" face="Tahoma" size="2">users-bounces@openswan.org</font></u></span></a><span lang="en-us"><font face="Tahoma" size="2"> [</font></span><a href="mailto:users-bounces@openswan.org" target="_blank"><span lang="en-us"><font face="Tahoma" size="2">mailto:</font><u><font color="#0000ff" face="Tahoma" size="2">users-bounces@openswan.org</font></u></span></a><span lang="en-us"><font face="Tahoma" size="2">]</font><b> <font face="Tahoma" size="2">On Behalf Of</font></b> <font face="Tahoma" size="2">Chris 
              Zimmerman<br></font>
              <div>
              <div></div>
              <div><b><font face="Tahoma" size="2">Sent:</font></b><font face="Tahoma" size="2"> April 25, 2008 
              1:00 PM<br></font><b><font face="Tahoma" size="2">To:</font></b><font face="Tahoma" size="2"> </font></div></div></span><a href="mailto:users@openswan.org" target="_blank"><span lang="en-us"><u><font color="#0000ff" face="Tahoma" size="2">users@openswan.org</font></u></span></a>
              </p><p></p>
              <div>
              <div></div>
              <div><span lang="en-us"><br><b><font face="Tahoma" size="2">Subject:</font></b><font face="Tahoma" size="2"> [Openswan 
              Users] Anyone? Anyone? &quot;Roadwarrior&quot; to SonicWall VPNrouting 
              issues<br></font><br></span><br><span lang="en-ca"><font face="Arial">I&#39;m not trying to be a pest, but I have to get this 
              working:<br><br>I have been fighting through this setup for more 
              than a week now and I&#39;m at a brick wall.&nbsp;<br><br>My 
              setup:<br><br>my.ip-----------{internet}-----</font></span><a href="http://1.1.1.1" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">1.1.1.1</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial">(sonicwall)</font></span><a href="http://192.168.1.254" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.1.254</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial">========[</font></span><a href="http://192.168.1.0/24" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.1.0/24</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><br>

</span><br><span lang="en-ca"><font face="Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
              [--------[</font></span><a href="http://192.168.1.1/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.1.1</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial">(router)</font></span><a href="http://192.168.2.1/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.2.1</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial">]----------</font></span><a href="http://192.168.2.0/24" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.2.0/24</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><br>

<font face="Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br><br>I 
              am connected to the internet over an aircard using Ubuntu, so no 
              NAT&#39;ing is in the way on my end.&nbsp; I need to establish a 
              tunnel from my machine to the sonicwall to gain access to the 
              </font></span><a href="http://192.168.1.0/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.1.0</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial"> AND 
              </font></span><a href="http://192.168.2.0/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.2.0</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial"> 
              networks.&nbsp; I am using XAUTH on the Sonicwall and it has NAT 
              traverse enabled.&nbsp; I can successfully authenticate and 
              connect to the </font></span><a href="http://192.168.1.0/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.1.0</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial"> network 
              and I can ping </font></span><a href="http://192.168.1.1/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.1.1</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial">.&nbsp; I 
              can also ping </font></span><a href="http://192.168.2.1/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.2.1</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><font face="Arial"> (other 
              interface on the router) but I cannot ping any other IP&#39;s on the 
              2.0 network.&nbsp; This connection is using the GroupVPN SA on the 
              Standard OS Sonicwall.&nbsp; How do I configure 
              this?&nbsp;<br><br>Here&#39;s my ipsec.conf config:<br><br>config 
              setup<br><br>conn block<br>&nbsp;&nbsp;&nbsp; auto=ignore<br>conn 
              private<br>&nbsp;&nbsp;&nbsp; auto=ignore<br>conn 
              private-or-clear<br>&nbsp;&nbsp;&nbsp; auto=ignore<br>conn 
              clear-or-private<br>&nbsp;&nbsp;&nbsp; auto=ignore<br>conn 
              clear<br>&nbsp;&nbsp;&nbsp; auto=ignore<br>conn 
              packetdefault<br>&nbsp;&nbsp;&nbsp; auto=ignore<br><br>conn 
              net1<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              left=my.ip<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              leftid=@home<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              leftxauthclient=yes<br>&nbsp;&nbsp;&nbsp;&nbsp; right=ip.sonicwall 
              (internet)<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              rightsubnet=</font></span><a href="http://192.168.1.0/24" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.1.0/24</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><br>

<font face="Arial">&nbsp;&nbsp;&nbsp;&nbsp; 
              rightxauthserver=yes<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              rightid=@sonicwall identifier<br>&nbsp;&nbsp;&nbsp;&nbsp; &lt;snip 
              auth lines&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;<br><br>conn 
              net2<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              left=my.ip<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              leftid=@home<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              leftxauthclient=yes<br>&nbsp;&nbsp;&nbsp;&nbsp; right=ip.sonicwall 
              (internet)<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              rightsubnet=</font></span><a href="http://192.168.2.0/" target="_blank"><span lang="en-ca"></span><span lang="en-ca"><u><font color="#0000ff" face="Arial">192.168.2.0</font></u></span><span lang="en-ca"></span></a><span lang="en-ca"><br>

<font face="Arial">&nbsp;&nbsp;&nbsp;&nbsp; 
              rightxauthserver=yes<br>&nbsp;&nbsp;&nbsp;&nbsp; 
              rightid=@sonicwall identifier<br>&nbsp;&nbsp;&nbsp;&nbsp; &lt;snip 
              auth lines&gt;<br><br>I&#39;ve read through countless mailing lists 
              and google links and the openswan wiki, but I cannot figure out 
              how to get this working.&nbsp; It has to be a routing issue but I 
              am still unfamiliar with ipsec so I am unsure of what to 
              change.<br><br>ANY assistance would be great!!<br><br>I would also 
              like to know what, if anything, would need to change for me to 
              connect this tunnel when my machine (laptop) is behind a firewall, 
              too.</font></span></div></div><br><br></ul></ul></ul></ul>
      <p><span lang="en-ca"><b><font face="System" size="2">&nbsp;&lt;&lt; File: 
      ipsec.barf.output &gt;&gt; 
  </font></b></span></p></ul></div></blockquote></div><br></div></div></blockquote></div>
</blockquote></div><br>
</div></div></blockquote></div><br>
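The first suggestion in the quoted thread (rightsubnet=192.168.2.0 should be rightsubnet=192.168.2.0/24) can be checked mechanically before a connection is loaded. The following is an added example, not part of the original messages and not Openswan code: a simplified ipsec.conf reader that flags leftsubnet/rightsubnet values written without a prefix length. The function names and the sample file (trimmed from the configuration quoted above) are constructed for illustration.

```python
import ipaddress

# Keys whose value is expected in address/prefix form.
SUBNET_KEYS = {"leftsubnet", "rightsubnet"}

# Constructed sample, trimmed from the ipsec.conf quoted in the thread
# (auth lines and the "right=" peer address are omitted).
SAMPLE_CONF = """\
config setup

conn net1
    left=my.ip
    leftid=@home
    leftxauthclient=yes
    rightsubnet=192.168.1.0/24
    rightxauthserver=yes

conn net2
    left=my.ip
    leftid=@home
    leftxauthclient=yes
    rightsubnet=192.168.2.0
    rightxauthserver=yes
"""


def parse_conns(text):
    """Yield (conn, key, value, line_no) for each key=value inside a conn section.

    Simplified reader: a non-indented line starts a section, indented
    lines belong to it, and '#' starts a comment. Includes and other
    ipsec.conf features are not handled.
    """
    conn = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():
            parts = line.split()
            # Only "conn <name>" sections are inspected; "config setup" is skipped.
            conn = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
            continue
        if conn is None or "=" not in line:
            continue
        key, value = line.strip().split("=", 1)
        yield conn, key.strip(), value.strip(), line_no


def check_subnets(text):
    """Return findings for subnet values that are not valid address/prefix networks."""
    findings = []
    for conn, key, value, line_no in parse_conns(text):
        if key not in SUBNET_KEYS:
            continue
        if value.startswith(("vhost:", "vnet:")):
            continue  # virtual-private forms are not plain networks
        if "/" not in value:
            findings.append((conn, key, value, line_no, "missing prefix length"))
            continue
        try:
            # strict=True also rejects a host address paired with a prefix.
            ipaddress.ip_network(value, strict=True)
        except ValueError:
            findings.append((conn, key, value, line_no, "not a valid network"))
    return findings


if __name__ == "__main__":
    for conn, key, value, line_no, problem in check_subnets(SAMPLE_CONF):
        print(f"line {line_no}: conn {conn}: {key}={value}: {problem}")
```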