[Openswan Users] trying to connect to SonicWall VPN server ...

Martin Koller m.koller at surfeu.at
Fri Aug 20 23:46:18 CEST 2004

Hi list,

I'm new to IpSec and openswan ... and I try to establish a VPN connection from 
my Linux box to the SonicWall VPN server (running on Windows) of our company.

I'm using current CVS from openswan.

The connection from the SonicWall VPN Client installed on my Windows XP box 
works, but if I boot into Linux and try to establish the connection, it fails 
already in phase 1.
So, I checked which IP packages are transferred between the SonicWall VPN 
Client from Windows XP when connecting to the Server by using ethereal, and 
then compared the packages which openswan transfers.

OK, here are the details:

It seems that the VPN server can not select a correct Authentication proposal 
sent from openswan (the server always returns a NO_PROPOSAL_CHOSEN message).
The difference I see when using XP is, that here a lot more proposals are 
sent, e.g: (grepped from ethereal dump)

                Authentication-Method (3): XAUTHInitPreShared (65001)
                Authentication-Method (3): PSK (1)
                Authentication-Method (3): XAUTHInitRSA (65005)
                Authentication-Method (3): RSA-SIG (3)

but openswan only sends:

                Authentication-Method (3): RSA-SIG (3)
                Authentication-Method (3): PSK (1)

I have compiled openswan with USE_XAUTH?=true

So main question is: What do I have to do that openswan also offers the 
XAUTHInitPreShared and XAUTHInitRSA Authentication methods ?

I assume I need the XAuth stuff, because the only thing I have to know using 
the XP-VPN Client is my username and a password.

Thanks a lot.

Best regards/Schöne Grüße

Martin    ()  ascii ribbon campaign - against html mail 
          /\                        - against microsoft attachments

       Some operating systems are called 'user friendly',
             Linux however is 'expert friendly'.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040820/5eafd5c6/attachment.bin

More information about the Users mailing list