[Openswan Users] openswan and sonicwall

Aaron Kincer kincera at gmail.com
Wed May 2 12:47:14 EDT 2007


I haven't been able to get XAUTH working between Sonicwall and Openswan. 
I turned it off and it works great. Forget aggressive mode. Even worse 
things happen there. Although I admit I haven't done exhaustive testing. 
I posted a while back on how to get it working. Right offhand, I don't 
see anything wrong with your conf there. Google the words "sonicwall 
openswan 2040 solved" without quotes and you should get the post right 
away. If you are using a different model, you should be able to draw 
enough info out to get it working.

Gary W. Smith wrote:
> Has anyone gotten any of the 2.4.x series to work with sonicwall?  I've
> seen some documentation on the site but have failed in all attempts.  We
> tried two different configs; with aggrmode on and off.  Each had their
> own errors. 
>
> version 2
>
> conn sonicwall
>         type=tunnel
>         left=%defaultroute
>         leftsubnet=10.40.214.0/24
>         leftid=@sonicwall
>         leftxauthclient=yes
>         right=validIP
>         rightsubnet=192.168.0.0/16
>         rightxauthserver=yes
>         rightid=@remoteserver
>         keyingtries=1
>         pfs=yes
>         aggrmode=no
>         auto=start
>         auth=esp
>         keyexchange=ike
>         esp=3des-sha1
>         ike=3des-sha1
>         authby=secret
>         xauth=yes
>
> @sonicwall @remoteserver : PSK "somethingstrongerthanthis!"
>
>
> ### With aggrmode=no
> May  2 08:46:22 OPENSWANTEST pluto[7272]: "sonicwall" #1: initiating
> Main Mode
> May  2 08:46:22 OPENSWANTEST pluto[7272]: packet from ValidIP:500:
> ignoring informational payload, type NO_PROPOSAL_CHOSEN
> May  2 08:46:22 OPENSWANTEST pluto[7272]: packet from ValidIP:500:
> received and ignored informational message
> May  2 08:46:32 OPENSWANTEST pluto[7272]: packet from ValidIP:500:
> ignoring informational payload, type NO_PROPOSAL_CHOSEN
> May  2 08:46:32 OPENSWANTEST pluto[7272]: packet from ValidIP:500:
> received and ignored informational message
>
>
> ### With aggrmode=yes
> May  2 08:51:40 OPENSWANTEST pluto[9348]: "sonicwall" #1: multiple
> transforms were set in aggressive mode. Only first one used.
> May  2 08:51:40 OPENSWANTEST pluto[9348]: "sonicwall" #1: transform
> (5,2,2,0) ignored.
> May  2 08:51:40 OPENSWANTEST pluto[9348]: "sonicwall" #1: initiating
> Aggressive Mode #1, connection "sonicwall"
> May  2 08:51:40 OPENSWANTEST pluto[9348]: "sonicwall" #1: multiple
> transforms were set in aggressive mode. Only first one used.
> May  2 08:51:40 OPENSWANTEST pluto[9348]: "sonicwall" #1: transform
> (5,2,2,0) ignored
> May  2 08:51:41 OPENSWANTEST pluto[9348]: packet from ValidIP:500:
> ignoring informational payload, type INVALID_ID_INFORMATION
> May  2 08:51:41 OPENSWANTEST pluto[9348]: packet from ValidIP:500:
> received and ignored informational message
> May  2 08:51:50 OPENSWANTEST pluto[9348]: packet from ValidIP:500:
> ignoring informational payload, type INVALID_ID_INFORMATION
> May  2 08:51:50 OPENSWANTEST pluto[9348]: packet from ValidIP:500:
> received and ignored informational message
>
>
> Any help would be greatly appreciated.
>   
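An added example, not part of either poster's message and not Openswan code: a small Python triage script that rejoins the mail-wrapped pluto log lines quoted above and tallies which notification the peer returned in each IKE mode. The hint strings are this example's own reading of the notify names, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the log quoted in this thread, still wrapped the way the mail left it.
SAMPLE = """\
May  2 08:46:22 OPENSWANTEST pluto[7272]: "sonicwall" #1: initiating
Main Mode
May  2 08:46:22 OPENSWANTEST pluto[7272]: packet from ValidIP:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
May  2 08:51:40 OPENSWANTEST pluto[9348]: "sonicwall" #1: initiating
Aggressive Mode #1, connection "sonicwall"
May  2 08:51:41 OPENSWANTEST pluto[9348]: packet from ValidIP:500:
ignoring informational payload, type INVALID_ID_INFORMATION
"""
# Hints are this example's reading of the ISAKMP notify names, not Openswan output.
HINTS = {
    "NO_PROPOSAL_CHOSEN": "no offered proposal accepted: compare ike= and authby=/xauth= with the peer",
    "INVALID_ID_INFORMATION": "ID payload rejected: compare leftid=/rightid= with the peer's identities",
}
STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d \S+ pluto\[(\d+)\]: ")
NOTIFY = re.compile(r"ignoring informational payload, type (\w+)")
MODE = re.compile(r"initiating (Main|Aggressive) Mode")

def unwrap(text):
    """Rejoin wrapped continuation lines (no syslog timestamp) onto their record."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()  # tolerate mail-quoted input
        if STAMP.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def triage(text):
    """Count peer notifications, keyed by (IKE mode being initiated, notify type)."""
    mode_by_pid, counts = {}, Counter()
    for rec in unwrap(text):
        pid = STAMP.match(rec).group(1)  # every record starts with a stamped line
        mode = MODE.search(rec)
        if mode:
            mode_by_pid[pid] = mode.group(1)
        notify = NOTIFY.search(rec)
        if notify:
            counts[(mode_by_pid.get(pid, "unknown"), notify.group(1))] += 1
    return counts

if __name__ == "__main__":
    for (mode, kind), n in triage(SAMPLE).items():
        print(f"{mode} Mode: {kind} x{n} -> {HINTS.get(kind, 'no hint')}")
```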


