Hi,<br><br>I have a working config to connect to a SonicWall NSA 3500. The problem is I can only ping the SonicWall itself (10.23.0.254), not any of the hosts behind it (10.23.0.0/24). When using the Windows SonicWall client I am assigned an IP address in the 10.23.0.0/24 range via DHCP. I assume this is the reason why I am unable to contact any hosts using Openswan. What is the correct way to do this using the netkey driver? I understand that netkey doesn't actually set up a virtual network interface with an IP, so how do I get a valid IP address?<br>
<br># ipsec auto --up melbourne<br>112 "melbourne" #1: STATE_AGGR_I1: initiate<br>003 "melbourne" #1: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]<br>003 "melbourne" #1: ignoring unknown Vendor ID payload [5b362bc820f60007]<br>
003 "melbourne" #1: received Vendor ID payload [RFC 3947] method set to=109 <br>003 "melbourne" #1: received Vendor ID payload [Dead Peer Detection]<br>003 "melbourne" #1: received Vendor ID payload [XAUTH]<br>
003 "melbourne" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed<br>004 "melbourne" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<br>
004 "melbourne" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set<br>003 "melbourne" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000<br>003 "melbourne" #1: received and ignored informational message<br>
004 "melbourne" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set<br>117 "melbourne" #2: STATE_QUICK_I1: initiate<br>004 "melbourne" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xed3ae2ea <0x833df1ed xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=xx.xx.xx.xx:4500 DPD=none}<br>
<br>Here is my ipsec.conf:<br><br>config setup<br> nat_traversal=yes<br> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br> oe=off<br>
protostack=netkey<br> <br>conn melbourne<br> aggrmode=yes<br> authby=secret<br> auto=add<br> ike=3des-sha1-modp1024<br> phase2=esp<br> phase2alg=3des-sha1<br> pfs=no<br> ikelifetime=28800s<br>
keyingtries=1<br> left=%defaultroute<br> leftid=@GroupVPN<br> leftxauthclient=yes<br> leftxauthusername=username<br> right=xx.xx.xx.xx<br> rightid=@sonicwallid<br> rightsubnet=10.23.0.0/24<br>
rightxauthserver=yes<br><br>ipsec.secrets:<br><br>@GroupVPN @sonicwallid : PSK "xxxxxxxxxxxxxx"<br>@username : XAUTH "xxxxxxxxxx"<br>