[Openswan Users] Sonicwall with Openswan

Erik Lotspeich erik at lotspeich.org
Wed Apr 19 07:50:08 CEST 2006


Hi,

I apologize if this question has been answered before.  I am trying to do 
something that is quite simple.

My company has a Sonicwall firewall and, with Windows, I can connect using 
the "Sonicwall Global VPN Client".  I am trying to establish a connection 
on Linux, and it seems that Openswan is the way to do this.  So far I've 
spent six hours trying to get this thing to work and I'm getting quite 
frustrated, so I would appreciate any help.

In the Sonicwall Global VPN Client on Windows, I can look at the 
settings of the connection:

Phase I:
Encryption Algorithm: 3DES-CBC (192-bit)
Hash: SHA
Auth method: Xauth w/pre-shared key
Diffie-Hellman: Alt. 1024-bit MODP (Grp. 2)

Phase II:
Encapsulating sec. payload
Encap. mode: UDP
Encr: 3DES
Hash: HMAC-SHA

My ipsec.conf file is set up like this:

conn sonicwall
      left=%defaultroute
      leftid=@home
      leftxauthclient=yes
      right=1.2.3.4
      rightsubnet=192.168.44.0/22
      rightxauthserver=yes
      rightid=@sonicwall.unique.firewall.identifier
      keyingtries=0
      pfs=yes
      auto=add
      auth=esp
      authby=secret
      xauth=yes

My ipsec.secrets file is set up like this:

@home @sonicwall.unique.firewall.identifier : PSK "mypassword"

Here are the messages printed when I try to start the connection:

root@dell:/home/erik# ipsec auto --add sonicwall
root@dell:/home/erik# ipsec auto --up sonicwall
104 "sonicwall" #39: STATE_MAIN_I1: initiate
003 "sonicwall" #39: ignoring unknown Vendor ID payload [5b362bc820f60001]
106 "sonicwall" #39: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #39: ignoring unknown Vendor ID payload [404bf439522ca3f6]
003 "sonicwall" #39: received Vendor ID payload [XAUTH]
003 "sonicwall" #39: received Vendor ID payload [Dead Peer Detection]
108 "sonicwall" #39: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sonicwall" #39: ignoring informational payload, type INVALID_PAYLOAD_TYPE
003 "sonicwall" #39: received and ignored informational message
003 "sonicwall" #39: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #39: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "sonicwall" #39: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #39: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "sonicwall" #39: discarding duplicate packet; already STATE_MAIN_I3
031 "sonicwall" #39: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
000 "sonicwall" #39: starting keying attempt 2 of an unlimited number, but releasing whack

The Windows client prompts me for a username and password.  I don't know 
how to supply a username to openswan -- and it doesn't prompt for one.

I believe that I'm really over my head here and I spent hours and hours 
searching Google and can't come up with any documentation or other advice 
that will help.

I would appreciate any help or guidance that you could give.

Thanks,

Erik.
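
Added example, not part of the original post: a small Python parser for the `ipsec auto --up` output quoted above. It reports, per connection and state number, which IKE states were reached, which vendor IDs were recognised, what notification the peer sent back, and whether the initiator gave up. The function name `summarize` and the result keys are assumptions made for illustration; the sample lines are copied from the post with wrapped lines rejoined.

```python
import re

# Sample input: lines copied from the post above, with wrapped lines rejoined.
SAMPLE = '''\
104 "sonicwall" #39: STATE_MAIN_I1: initiate
003 "sonicwall" #39: ignoring unknown Vendor ID payload [5b362bc820f60001]
106 "sonicwall" #39: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #39: received Vendor ID payload [XAUTH]
003 "sonicwall" #39: received Vendor ID payload [Dead Peer Detection]
108 "sonicwall" #39: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sonicwall" #39: ignoring informational payload, type INVALID_PAYLOAD_TYPE
010 "sonicwall" #39: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "sonicwall" #39: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "sonicwall" #39: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
'''

# 3-digit status prefix, quoted connection name, "#" state number, message.
LINE = re.compile(r'^\d{3} "([^"]+)" #(\d+): (.*)$')


def summarize(text):
    """Return {(conn, state_no): summary} for the negotiation lines in text."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines, anything not in this format
        conn, serial, msg = m.groups()
        s = out.setdefault((conn, int(serial)), {
            "states": [], "vendor_ids": [], "notifications": [],
            "retransmits": 0, "gave_up": False})
        st = re.match(r'(STATE_\w+): (.*)', msg)
        if st and st.group(2).startswith("retransmission"):
            s["retransmits"] += 1
        elif st:
            if st.group(1) not in s["states"]:
                s["states"].append(st.group(1))  # order the states were entered
        elif (v := re.search(r'received Vendor ID payload \[(.+)\]', msg)):
            s["vendor_ids"].append(v.group(1))  # IDs the local side recognised
        elif (n := re.search(r'informational payload, type (\w+)', msg)):
            s["notifications"].append(n.group(1))  # what the peer sent back
        elif "max number of retransmissions" in msg:
            s["gave_up"] = True  # initiator stopped waiting in its last state
    return out


if __name__ == "__main__":
    for key, summary in summarize(SAMPLE).items():
        print(key, summary)
```

On the output above it reports the negotiation reaching STATE_MAIN_I3, one INVALID_PAYLOAD_TYPE notification from the peer, and two retransmissions before the initiator gave up.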

