[Openswan Users] Openswan Linux Client to SonicWall Windows Server.

Bas Driessen bas.driessen at xobas.com
Wed Sep 27 19:43:09 EDT 2006


On Wed, 2006-09-27 at 16:51 +0200, Paul Wouters wrote:

> On Wed, 27 Sep 2006, Bas Driessen wrote:
> 
> > Going through the lists, I found out that DES is not supported by
> > default in OpenSwan, so I have re-compiled the package by setting the
> > USE_WEAKSTUFF?=true flag in the Makefile.inc and also corrected the line
> > to WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES in the Makefile of Pluto.
> > All compiles OK. I know that 3DES is better etc, but this is out of my
> > control. I have to get it to work with the current setup.
> 
> You might also need to set USE_BROKEN=yes
> 

I have set this and the results are the same. If I perform a fgrep of
USE_BROKEN in all files of openswan, I do not get a match. So I have the
impression that this switch does not exist.


> 3DES is not "better". 1DES is trivially brute forced. You have no VPN. You
> better make sure your boss knows that, and gets it in writing, so that
> you can blame management for this unwise decision.
> 

I have informed them already and it is maybe even wiser not to use
sonicwall at all ;) , but again it is out of my control. They may have
their reasons to use it. For the time being I just need to connect. I
had to setup a Windows box with this sonic client for the time being,
since I can't get openswan to work. This is a disappointing development.


> >     left=%defaultroute
> >     leftsubnet=192.168.1.0/24
> >     leftid=192.168.1.13
> 
> > sonicwall.secrets
> >
> > 192.168.1.13 66.nnn.nnn.nnn : PSK "abcdef"
> 
> If your ip is actually 192.168.1.13 you cannot tunnel 192.168.1.0/24.
> you cannot be at two places at once.


Have tried with leftsubnet=192.168.1.13/32 without success.

Also tried leaving out leftsubnet and leftid altogether. No success.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060928/1eafc48d/attachment.html 


More information about the Users mailing list