Didn't help. The tail end of ipsec auto --status:<div><br></div><div><div>000 "sonicwall": <a href="http://0.0.0.0/0===">0.0.0.0/0===</a><my wan IP>[@GroupVPN,+XC+S=C]:17/1701---172.31.32.1...<his wan IP>[@XXXXXXXXXX,+XS+S=C]:17/0===<a href="http://192.168.10.0/24">192.168.10.0/24</a>; erouted; eroute owner: #2</div>
</div><div><div>000 "sonicwall": myip=unset; hisip=unset;</div><div>000 "sonicwall": xauth info: myxauthuser=<username>;</div><div>000 "sonicwall": ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0</div>
<div>000 "sonicwall": policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+UP+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 0,24; interface: eth0;</div><div>000 "sonicwall": newest ISAKMP SA: #1; newest IPsec SA: #2;</div>
<div>000 "sonicwall": IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2); flags=-strict</div><div>000 "sonicwall": IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)</div><div>
000 "sonicwall": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024</div><div>000 "sonicwall": ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000; flags=-strict</div><div>000 "sonicwall": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160</div>
<div>000 "sonicwall": ESP algorithm newest: 3DES_000-HMAC_SHA1; pfsgroup=<N/A></div><div>000</div><div>000 #2: "sonicwall":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 27971s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate</div>
<div>000 #2: "sonicwall" esp.5ebb5095@<his wan IP> esp.bc715754@<my wan IP> tun.0@<his wan IP> tun.0@<my wan IP> ref=0 refhim=4294901761</div><div>000 #1: "sonicwall":4500 STATE_XAUTH_I1 (XAUTH client - awaiting CFG_set); EVENT_SA_REPLACE in 28499s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate</div>
</div><div><br></div><div>The only other thing I see is in auth.log</div><div><br></div><div><div>Jul 31 21:21:33 ip-172-31-36-54 pluto[2308]: packet from <his wan IP>:4500: Mode Config message is for a non-existent (expired?) ISAKMP SA</div>
<div><br></div><div>It connects, it just doesn't get an IP.</div><div>-doug</div><div><br></div><br><div class="gmail_quote">On 31 July 2013 16:31, Leto <span dir="ltr"><<a href="mailto:letoams@gmail.com" target="_blank">letoams@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>try adding forceencaps=yes <br><br>sent from a tiny device </div><div><div class="h5"><div><br>On 2013-07-31, at 21:39, doug m <<a href="mailto:qrkyxboy@gmail.com" target="_blank">qrkyxboy@gmail.com</a>> wrote:<br>
<br></div><blockquote type="cite"><div><div>Working with a client and I'm thinking maybe the Sonicwall is at fault. I am trying to use the Linux instance to connect to the VPN via Sonicwall so it should be getting fed an IP from the <a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a> range but it gets nothing. It authenticates and is showing connected.</div>
<div><br></div><div><div>004 "sonicwall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x9eb4577b <0xfde7e679 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}</div></div><div><br>
</div><div>But I notice this in ipsec auto --status:</div><div><br></div><div><div>000 "sonicwall": myip=unset; hisip=unset;</div></div><div><br></div><div>Here is the config:</div><div><br></div><div>config setup</div>
<div> virtual_private=virtual_private=%v4:<a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a></div><div> nat_traversal=yes</div><div> oe=off</div><div> protostack=netkey</div>
<div> plutodebug=none</div>
<div> interfaces=%defaultroute</div><div>conn sonicwall</div><div> type=tunnel</div><div> left=<a href="http://xxxxxxxxxxx.compute.amazonaws.com" target="_blank">xxxxxxxxxxx.compute.amazonaws.com</a></div>
<div> leftnexthop=%defaultroute</div>
<div> leftsubnet=<a href="http://0.0.0.0/0.0.0.0" target="_blank">0.0.0.0/0.0.0.0</a></div><div> leftprotoport=17/1701</div><div> leftid=@GroupVPN</div><div> leftxauthclient=yes</div><div> leftxauthusername=XXXXXX</div>
<div> right=<a href="http://remote.server.com" target="_blank">remote.server.com</a></div><div> rightsubnet=<a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a></div><div> rightprotoport=17/0</div>
<div> rightxauthserver=yes</div>
<div> rightid=@XXXXXXXX # The sonicwall's UID</div><div> pfs=no</div><div> aggrmode=yes</div><div> keyexchange=ike</div><div> auto=add</div><div> auth=esp</div><div> esp=3des-sha1</div>
<div> ike=3des-sha1-modp1024</div><div> ikelifetime=8h</div><div> authby=secret</div><div> rekey=no</div><div><br></div><div>Not sure what next steps are -- there isn't much I haven't tried, any suggestions?</div>
<div>thanks-</div><div>-doug</div><div><br></div>
</div></blockquote></div></div></div></blockquote></div><br></div>
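<div>Added example, not part of the thread or of Openswan: a small parser for <code>ipsec auto --status</code> lines that flags the combination reported above, an established IPsec SA alongside an SA still in an XAUTH state with <code>myip=unset</code>. The function names and the sample text are constructed for illustration.</div>

```python
import re

# Constructed sample in the shape of the status lines quoted in the thread.
SAMPLE = '''000 "sonicwall": myip=unset; hisip=unset;
000 "sonicwall": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 #2: "sonicwall":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 27971s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #1: "sonicwall":4500 STATE_XAUTH_I1 (XAUTH client - awaiting CFG_set); EVENT_SA_REPLACE in 28499s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
'''

# Hypothetical helper patterns: per-SA lines ("000 #N: ...") and per-connection lines.
SA_LINE = re.compile(r'^000 #(\d+): "([^"]+)"(?::\d+)? (STATE_\w+) \(([^)]*)\)')
CONN_LINE = re.compile(r'^000 "([^"]+)": (.*)$')


def parse_status(text):
    """Return {conn: {"sas": {num: (state, description)}, "fields": {key: value}}}."""
    conns = {}
    for line in text.splitlines():
        sa = SA_LINE.match(line)
        if sa:
            num, name, state, desc = sa.groups()
            entry = conns.setdefault(name, {"sas": {}, "fields": {}})
            entry["sas"][int(num)] = (state, desc)
            continue
        conn = CONN_LINE.match(line)
        if conn:
            name, rest = conn.groups()
            entry = conns.setdefault(name, {"sas": {}, "fields": {}})
            for part in rest.split(";"):      # simple "key=value;" pairs only
                if "=" in part:
                    key, value = part.strip().split("=", 1)
                    entry["fields"][key] = value
    return conns


def tunnels_without_address(conns):
    """Connections with an established IPsec SA, an SA still in an XAUTH
    state, and myip=unset: the combination reported in the thread."""
    hits = []
    for name, entry in conns.items():
        sas = entry["sas"].values()
        established = any("IPsec SA established" in desc for _, desc in sas)
        xauth_pending = any(state.startswith("STATE_XAUTH_") for state, _ in sas)
        if established and xauth_pending and entry["fields"].get("myip") == "unset":
            hits.append(name)
    return hits


if __name__ == "__main__":
    print(tunnels_without_address(parse_status(SAMPLE)))
```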