[Openswan Users] Sonicwall with Openswan
Paul Wouters
paul at xelerance.com
Wed Apr 19 18:14:12 CEST 2006
On Wed, 19 Apr 2006, Erik Lotspeich wrote:
> Phase I:
> Encryption Algorithm: 3DES-CBC (192-bit)
> Hash: SHA
> Auth method: Xauth w/pre-shared key
> Diffie-Hellman: Alt. 1024-bit MODP (Grp. 2)

translates to: ike=3des-sha1-modp1024

> Phase II:
> Encapsulating sec. payload
> Encap. mode: UDP
> Encr: 3DES
> Hash: HMAC-SHA

translates to: esp=3des-sha1

> conn sonicwall
>     left=%defaultroute
>     leftid=@home
>     leftxauthclient=yes
>     right=1.2.3.4
>     rightsubnet=192.168.44.0/22
>     rightxauthserver=yes
>     rightid=@sonicwall.unique.firewall.identifier
>     keyingtries=0
>     pfs=yes

Are you sure about pfs=yes? Try pfs=no if adding the above two lines
does not help.

>     auto=add
>     auth=esp
>     authby=secret
>     xauth=yes

I don't think "xauth=yes" is used anymore, it is replaced by xauthclient= and
xauthserver=

> root@dell:/home/erik# ipsec auto --up sonicwall
> 104 "sonicwall" #39: STATE_MAIN_I1: initiate
> 003 "sonicwall" #39: ignoring unknown Vendor ID payload [5b362bc820f60001]
> 106 "sonicwall" #39: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "sonicwall" #39: ignoring unknown Vendor ID payload [404bf439522ca3f6]
> 003 "sonicwall" #39: received Vendor ID payload [XAUTH]
> 003 "sonicwall" #39: received Vendor ID payload [Dead Peer Detection]
> 108 "sonicwall" #39: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "sonicwall" #39: ignoring informational payload, type INVALID_PAYLOAD_TYPE

I guess it did not like something.... Can you get more logs from the other end?

> The Windows client prompts me for a username and password. I don't know how
> to supply a username to openswan -- and it doesn't prompt for one.

It will prompt you when you complete phase 1 and enter phase 2. You don't get that
far.

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
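
Added example, not part of the original message or of Openswan: a small Python triage of the `ipsec auto --up` output quoted above, reporting the last IKE state reached, the features the peer advertised, and any notification it sent back. The function name `triage` and the result keys are hypothetical; the sample lines are copied from the quoted session.

```python
import re

# Status lines copied from the quoted `ipsec auto --up sonicwall` session.
SAMPLE = '''\
104 "sonicwall" #39: STATE_MAIN_I1: initiate
003 "sonicwall" #39: ignoring unknown Vendor ID payload [5b362bc820f60001]
106 "sonicwall" #39: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #39: ignoring unknown Vendor ID payload [404bf439522ca3f6]
003 "sonicwall" #39: received Vendor ID payload [XAUTH]
003 "sonicwall" #39: received Vendor ID payload [Dead Peer Detection]
108 "sonicwall" #39: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sonicwall" #39: ignoring informational payload, type INVALID_PAYLOAD_TYPE
'''

# <3-digit code> "<conn>" #<state object>: <message>; tolerate a leading "> " quote.
LINE = re.compile(r'^(?:>\s*)?(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r'^(STATE_[A-Z0-9_]+): (.*)$')
VENDOR = re.compile(r'^received Vendor ID payload \[(.+)\]$')
NOTIFY = re.compile(r'^ignoring informational payload, type (\S+)$')


def triage(output):
    """Summarise how far a Main Mode negotiation got (hypothetical helper)."""
    r = {"conn": None, "last_state": None, "peer_features": [],
         "notifications": [], "phase1_done": False}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts and anything that is not a status line
        _, r["conn"], _, msg = m.groups()
        if (s := STATE.match(msg)):
            r["last_state"] = s.group(1)
            # STATE_MAIN_I4 is the initiator state logged once the ISAKMP SA is up.
            r["phase1_done"] = r["phase1_done"] or s.group(1) == "STATE_MAIN_I4"
        elif (v := VENDOR.match(msg)):
            r["peer_features"].append(v.group(1))
        elif (n := NOTIFY.match(msg)):
            # Record which state we were in when the peer's notification arrived.
            r["notifications"].append((r["last_state"], n.group(1)))
    return r


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the quoted output this shows the exchange stopping at STATE_MAIN_I3 with phase 1 incomplete, which matches the reply's point that the XAUTH prompt is never reached.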