[Openswan Users] OpenSwan with XAUTH to sonicwall 2040

Aaron Kincer kincera at gmail.com
Wed May 16 23:27:11 EDT 2007


I've posted the solution (minus XAUTH) in the list before.

http://lists.openswan.org/pipermail/users/2007-March/012092.html

There are a couple of things I need to update about that post. First, you
don't need Racoon (in fact, Racoon breaks Openswan in this configuration),
and you can set the "left" value to %defaultroute in the event that your
local IP is set by DHCP.

A couple of notes on my experience thus far:

-XAUTH and Openswan seem to be incompatible for reasons I haven't
determined.
-You cannot require DHCP over VPN on the Sonicwall although you can allow
both static IPs and DHCP.
-I haven't gotten traffic flowing from the other side of the Sonicwall over
the VPN (IOW, no SSH yet). I'm sure it's possible. Just haven't spent more
than 5 minutes on it.
-So far, only one PC per subnet seems to be able to connect via Openswan. If
I connect my computer upstairs, the VPN downstairs goes down. Haven't
explored this yet.

There you go. Good luck. I hope you can draw inspiration from my Ubuntu
configuration and apply it to Fedora Core.

On 5/16/07, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:
>
> I am attempting to connect to a Sonicwall Pro 2040 (with enhanced OS)
> from Openswan on Fedora Core 6. This is with PSK (PreShared Key) and
> XAUTH authentication. (Alternately, I have also been trying to connect
> with OpenSWAN as an L2TP client, but I will address that in a separate
> post.)
>
> I am able to connect if I don't use XAUTH. (This means that I have
> most of the settings correct.) If I use XAUTH I can get through Phase 1
> but I never get through XAUTH and onto Phase 2.
>
> I have tried with both RPM version of OpenSwan 2.4.7, as well as
> compiling it myself. I compiled it with
> USE_XAUTH?=true,
> USE_NAT_TRAVERSAL?=true
> USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
> USE_XAUTHPAM?=true
>
> The configuration is as follows (the VPN user is "left.")
>
> _________________________________________________________________
>
> conn xauth1
>     type=tunnel
>     #left=%defaultroute
>     left=192.168.1.x
>     leftsubnet=192.168.1.0/24
>     leftid=@GroupVPN
>     leftxauthclient=yes
>     #right=%any
>     right=sonicwall.public.ip.address
>     rightsubnet=192.168.0.0/24
>     rightid=@pro2040
>     rightxauthserver=yes
>     keyingtries=0
>     pfs=no
>     auto=add
>     auth=esp
>     esp=3des-sha1
>     ike=3des-sha1-modp1024
>     xauth=yes
>     authby=secret
>     aggrmode=no
>     dpddelay=5
>     dpdtimeout=60
>     dpdaction=clear
>
> _________________________________________________________________
>
> I try to connect with either of the following commands:
>
> # ipsec whack --name xauth1 --xauthname=myname --xauthpass=mypassword
> --initiate
> # ipsec whack --name xauth1 --initiate
>
>
> I had tried this in the past with the Sonicwall Pro100 - again, I could
> only connect with XAUTH disabled.
>
>
>
> -Thanks
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
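As an added example that is not part of either message above and not Openswan's own documentation: a complete /etc/ipsec.conf and /etc/ipsec.secrets for an Openswan 2.4.x road warrior acting as XAUTH client with a pre-shared key against the SonicWall, assembled from the conn in the quoted post. The IDs (@GroupVPN, @pro2040), the proposals, the DPD settings and the placeholder right=sonicwall.public.ip.address are taken from the post; the conn name, the config setup section, the placeholder secret, and the decision to leave leftsubnet out so that the client's own address (not a whole LAN) is the left endpoint are assumptions made here.

```ini
# /etc/ipsec.conf  (Openswan 2.4.x, client side)
version 2.0

config setup
    # %defaultroute lets pluto follow a DHCP-assigned address, as noted
    # in the reply above. NAT-T is needed when the client sits behind NAT.
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    plutodebug=none
    klipsdebug=none

# Assumed conn name; everything below mirrors the post's xauth1 except
# that leftsubnet is omitted (host-to-subnet road warrior).
conn sonicwall-xauth
    type=tunnel
    authby=secret            # Phase 1 with a PSK, looked up by leftid/rightid
    xauth=yes                # then XAUTH user/password before Phase 2
    leftxauthclient=yes      # we are the XAUTH client...
    rightxauthserver=yes     # ...the SonicWall is the XAUTH server
    left=%defaultroute
    leftid=@GroupVPN         # SonicWall Group VPN identifier from the post
    right=sonicwall.public.ip.address
    rightid=@pro2040
    rightsubnet=192.168.0.0/24
    ike=3des-sha1-modp1024   # as in the post; matches the SonicWall proposal
    esp=3des-sha1
    pfs=no
    aggrmode=no              # main mode: the PSK is never used in aggressive
                             # mode's unprotected hash, which is the safe choice
    keyingtries=0
    dpddelay=5
    dpdtimeout=60
    dpdaction=clear
    auto=add                 # loaded at start, initiated by hand with whack

# /etc/ipsec.secrets  (must be mode 0600, owned by root)
# The PSK is selected by the two IDs, so they must match leftid/rightid above.
# "replace-with-the-shared-secret" is a placeholder, not a real key.
@GroupVPN @pro2040 : PSK "replace-with-the-shared-secret"
```

Bring it up with `ipsec auto --add sonicwall-xauth` and then `ipsec whack --name sonicwall-xauth --xauthname=myname --xauthpass=mypassword --initiate`, as in the post. Two practical cautions: the PSK file must not be world-readable, and passing `--xauthpass` on the command line leaves the password in shell history and visible in `ps` output to other local users while whack runs.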