[Openswan Users] newbie help - RHEL 3 behind NAT to SonicWall

Paul Wouters paul at xelerance.com
Wed Jan 11 17:04:23 CET 2006

On Wed, 11 Jan 2006, Kimberly Knowles Nico wrote:

> I am having connectivity trouble.  I installed OpenSwan 2.3.0 from the RPM for
> RHEL 3.  I have tried to use the SonicWall configuration example as well as
> SonicWall's own examples (I don't think I should use XAUTH, since the SonicWall
> config has Require XAUTH = no).


>  I'm not sure if I should be using Main Mode or
> Aggressive Mode, but I think Main Mode.
> I haven't touched my firewall yet, because as far as I can tell, my key
> negotiation is failing in the first packet response:
> [root at localhost tmp]# /usr/sbin/ipsec auto --up vizdom
> 104 "vizdom" #2: STATE_MAIN_I1: initiate
> 010 "vizdom" #2: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "vizdom" #2: STATE_MAIN_I1: retransmission; will wait 40s for response
> and in /var/log/secure it shows that it received a packet but interpreted it as

It might require aggressive mode. But it could also be dropping packets for other
reasons. You will have to check the config and/or logs on the sonicwall.


More information about the Users mailing list