[Openswan dev] XAUTH Fails with SonicWALL VPN
Adam Kessel
adam at rosi-kessel.org
Thu Jun 10 22:39:30 CEST 2004
I've been working with kenb to get connected to my office VPN. We got
to a point where he wasn't sure if it was misconfiguration or
interoperability problems and recommended I post my log here. I don't
understand the fundamentals of VPN very well yet, but I'm happy to help
try patches and get openswan working with SonicWALL and XAUTH.

Phase 1 authentication with x509 and XAUTH disabled works fine, I get
"ISAKMP SA established." If I turn on leftxauthclient=yes, I get stuck
at phase 1, however. The log is here:
http://adam.rosi-kessel.org/temp4/openswan_sonicwall_xauth_auth.log
Hopefully sanitized for any identifying information (please tell me if
you see anything that I ought to remove!)

One other note: my office's distinguished name common name actually has
a comma and space in it, i.e., "E=email at someaddress, CN=Last, First".
There doesn't appear to be any way to specify a rightid with this sort
of comma in it, so I had to slightly hack pluto/x509.c so that it would
properly parse the CN. I know this might be illegal, but it might be
worth thinking about allowing people to escape commas in x509.c in case
there is someone else in my situation.

I hope this is helpful. Let me know what other information I should
provide. I'd love to get you guys a SonicWALL device to troubleshoot
with, but I don't carry much sway personally with that company.

--
Adam Kessel
http://adam.rosi-kessel.org
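
The comma-escaping idea raised in the message above, as an added example (not Openswan's code and not the poster's patch to pluto/x509.c): a DN splitter that separates RDNs only on unescaped commas, following RFC 2253-style backslash and double-quote escaping. The names split_dn and RDN_MAX are hypothetical, and the sample DN is constructed.

```c
#include <stdio.h>
#include <string.h>
#define RDN_MAX 128   /* hypothetical per-RDN buffer size */

/* Split a DN into RDNs on unescaped commas (RFC 2253 style): "\," and quoted
 * commas stay in the value. Returns RDN count, or -1 if malformed/too long. */
int split_dn(const char *dn, char out[][RDN_MAX], int max_rdns)
{
    int n = 0, in_quotes = 0;
    size_t len = 0;

    if (max_rdns < 1)
        return -1;
    for (const char *p = dn; ; p++) {
        char c = *p;
        if (c == '\0' || (c == ',' && !in_quotes)) {
            if (in_quotes || len == 0)
                return -1;          /* unterminated quote or empty RDN */
            out[n++][len] = '\0';
            if (c == '\0')
                return n;
            if (n == max_rdns)
                return -1;          /* more RDNs than the caller allows */
            len = 0;
            continue;
        }
        if (c == '"') {             /* unescaped quote toggles quoting */
            in_quotes = !in_quotes;
            continue;
        }
        if (c == '\\') {            /* take the next character literally */
            c = *++p;
            if (c == '\0')
                return -1;          /* dangling backslash */
        } else if (c == ' ' && len == 0 && !in_quotes) {
            continue;               /* skip spaces after a separator */
        }
        if (len + 1 >= RDN_MAX)
            return -1;
        out[n][len++] = c;
    }
}

int main(void)
{
    char rdn[4][RDN_MAX];           /* constructed sample DN below */
    int n = split_dn("E=user@example.com, CN=Last\\, First", rdn, 4);
    for (int i = 0; i < n; i++)
        printf("%d: %s\n", i, rdn[i]);
    return 0;
}
```

Without the backslash, the same DN splits into three pieces and the last one ("First") has no attribute type, which is the mismatch that makes an ID comparison against the peer certificate fail.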