[Openswan dev] XAUTH Fails with SonicWALL VPN

Adam Kessel adam at rosi-kessel.org
Thu Jun 10 22:39:30 CEST 2004


I've been working with kenb to get connected to my office VPN.  We got
to a point where he wasn't sure if it was misconfiguration or
interoperability problems and recommended I post my log here.  I don't
understand the fundamentals of VPN very well yet, but I'm happy to help
try patches and get openswan working with SonicWALL and XAUTH.

Phase 1 authentication with x509 and XAUTH disabled works fine, I get
"ISAKMP SA established."  If I turn on leftxauthclient=yes, I get stuck
at phase 1, however.  The log is here:

http://adam.rosi-kessel.org/temp4/openswan_sonicwall_xauth_auth.log

Hopefully sanitized for any identifying information (please tell me if
you see anything that I ought to remove!)

One other note: my office's distinguished name common name actually has
a comma and space in it, i.e., "E=email at someaddress, CN=Last, First". 
There doesn't appear to be any way to specify a rightid with this sort
of comma in it, so I had to slightly hack pluto/x509.c so that it would
properly parse the CN.  I know this might be illegal, but it might be
worth thinking about allowing people to escape commas in x509.c in case
there is someone else in my situation.

I hope this is helpful.  Let me know what other information I should
provide.  I'd love to get you guys a SonicWALL device to troubleshoot
with, but I don't carry much sway personally with that company.
-- 
Adam Kessel
http://adam.rosi-kessel.org
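
The comma problem described in the post, shown as an added example that is not part of the original message and is not Openswan's pluto/x509.c code: a C splitter that breaks a DN string into RDNs only at unescaped separators, following the RFC 2253 string form (backslash escapes, hex pairs, quoted values). The names `split_dn` and `RDN_MAX`, the buffer size and the sample DN are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RDN_MAX 128                     /* assumed per-RDN buffer size */
/* Split a DN at unescaped ',' or ';' (RFC 2253 string form). Handles "\,"
 * escapes, "\2C" hex pairs and "quoted" values. Returns RDN count or -1. */
int split_dn(const char *dn, char out[][RDN_MAX], int max_rdn)
{
    int n = 0, quoted = 0;
    size_t len = 0;
    for (const char *p = dn;; p++) {
        char c = *p;
        int literal = 0;
        if (n >= max_rdn) return -1;            /* more RDNs than slots */
        if (c == '\\') {
            if (isxdigit((unsigned char)p[1]) && isxdigit((unsigned char)p[2])) {
                char hex[3] = { p[1], p[2], '\0' };
                c = (char)strtol(hex, NULL, 16);
                p += 2;
            } else {
                c = *++p;                       /* next char taken literally */
            }
            if (c == '\0') return -1;           /* dangling '\' or embedded NUL */
            literal = 1;
        } else if (c == '"') {
            quoted = !quoted;
            continue;
        }
        if (!literal && (c == '\0' || (!quoted && (c == ',' || c == ';')))) {
            if (quoted) return -1;              /* unterminated quote */
            out[n++][len] = '\0';
            len = 0;
            if (c == '\0') return n;
            continue;
        }
        if (!literal && !quoted && c == ' ' && len == 0) continue; /* leading space */
        if (len + 1 >= RDN_MAX) return -1;      /* RDN too long for buffer */
        out[n][len++] = c;
    }
}

int main(void)
{
    char rdn[4][RDN_MAX];               /* the DN below is constructed */
    int n = split_dn("E=user@example.org, CN=Last\\, First", rdn, 4);
    for (int i = 0; i < n; i++) printf("%d: %s\n", i, rdn[i]);
    return (n == 2 && strcmp(rdn[1], "CN=Last, First") == 0) ? 0 : 1;
}
```

Without the backslash, the same input splits into three RDNs and the CN is truncated to "Last", so an ID comparison against the certificate subject would fail.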

