[Openswan Users] newbie help - RHEL 3 behind NAT to SonicWall
Paul Wouters
paul at xelerance.com
Wed Jan 11 17:04:23 CET 2006
On Wed, 11 Jan 2006, Kimberly Knowles Nico wrote:
> I am having connectivity trouble. I installed OpenSwan 2.3.0 from the RPM for
> RHEL 3. I have tried to use the SonicWall configuration example as well as
> SonicWall's own examples (I don't think I should use XAUTH, since the SonicWall
> config has Require XAUTH = no).

right

> I'm not sure if I should be using Main Mode or
> Aggressive Mode, but I think Main Mode.
>
> I haven't touched my firewall yet, because as far as I can tell, my key
> negotiation is failing in the first packet response:
>
> [root at localhost tmp]# /usr/sbin/ipsec auto --up vizdom
> 104 "vizdom" #2: STATE_MAIN_I1: initiate
> 010 "vizdom" #2: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "vizdom" #2: STATE_MAIN_I1: retransmission; will wait 40s for response
>
> and in /var/log/secure it shows that it received a packet but interpreted it as
> NO_PROPOSAL_CHOSEN.

It might require aggressive mode. But it could also be dropping packets for other
reasons. You will have to check the config and/or logs on the SonicWall.

Paul