<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>try adding forceencaps=yes <br><br>sent from a tiny device </div><div><br>On 2013-07-31, at 21:39, doug m <<a href="mailto:qrkyxboy@gmail.com">qrkyxboy@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div>Working with a client and I'm thinking maybe the Sonicwall is at fault. I am trying to use the Linux instance to connect to the VPN via Sonicwall so it should be getting fed an IP from the <a href="http://192.168.10.0/24">192.168.10.0/24</a> range but it gets nothing. It authenticates and is showing connected.</div>
<div><br></div><div><div>004 "sonicwall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x9eb4577b <0xfde7e679 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}</div></div><div><br>
</div><div>But I notice this in ipsec auto --status:</div><div><br></div><div><div>000 "sonicwall": myip=unset; hisip=unset;</div></div><div><br></div><div>Here is the config:</div><div><br></div><div>config setup</div>
<div> virtual_private=virtual_private=%v4:<a href="http://192.168.10.0/24">192.168.10.0/24</a></div><div> nat_traversal=yes</div><div> oe=off</div><div> protostack=netkey</div><div> plutodebug=none</div>
<div> interfaces=%defaultroute</div><div>conn sonicwall</div><div> type=tunnel</div><div> left=<a href="http://xxxxxxxxxxx.compute.amazonaws.com">xxxxxxxxxxx.compute.amazonaws.com</a></div><div> leftnexthop=%defaultroute</div>
<div> leftsubnet=<a href="http://0.0.0.0/0.0.0.0">0.0.0.0/0.0.0.0</a></div><div> leftprotoport=17/1701</div><div> leftid=@GroupVPN</div><div> leftxauthclient=yes</div><div> leftxauthusername=XXXXXX</div>
<div> right=<a href="http://remote.server.com">remote.server.com</a></div><div> rightsubnet=<a href="http://192.168.10.0/24">192.168.10.0/24</a></div><div> rightprotoport=17/0</div><div> rightxauthserver=yes</div>
<div> rightid=@XXXXXXXX # The sonicwall's UID</div><div> pfs=no</div><div> aggrmode=yes</div><div> keyexchange=ike</div><div> auto=add</div><div> auth=esp</div><div> esp=3des-sha1</div>
<div> ike=3des-sha1-modp1024</div><div> ikelifetime=8h</div><div> authby=secret</div><div> rekey=no</div><div><br></div><div>Not sure what next steps are -- there isn't much I haven't tried, any suggestions?</div>
<div>thanks-</div><div>-doug</div><div><br></div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a></span><br><span><a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></span><br><span>Building and Integrating Virtual Private Networks with Openswan:</span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><br></div></blockquote></body></html>