[Openswan Users] OpenSwan with XAUTH to sonicwall 2040

Paul Wouters paul at xelerance.com
Thu May 17 11:45:57 EDT 2007


On Wed, 16 May 2007, Gaiseric Vandal wrote:

> I am attempting to connect to a Sonicwall Pro 2040 (with enhanced OS)
> from Openswan on Fedora Core 6. This is with PSK (PreShared Key) and
> XAUTH authentication. (Alternately, I have also been trying to connect
> with OpenSWAN as an L2TP client, but I will address that in a separate
> post.)
>
> I am able to connect if I don't use XAUTH. (This means that I have
> most of the settings correct.) If I use XAUTH I can get through Phase 1
> but I never get through XAUTH and on to Phase 2.
>
> I have tried with both the RPM version of OpenSwan 2.4.7, as well as
> compiling it myself. I compiled it with
> USE_XAUTH?=true,
> USE_NAT_TRAVERSAL?=true
> USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
> USE_XAUTHPAM?=true
>
> The configuration is as follows (the VPN user is "left.")
>
> _________________________________________________________________
>
> conn xauth1
> type=tunnel
> #left=%defaultroute
> left=192.168.1.x
> leftsubnet=192.168.1.0/24

You cannot tunnel a subnet via a left= that is within the subnet.

> leftid=@GroupVPN
> leftxauthclient=yes
> #right=%any
> right=sonicwall.public.ip.address
> rightsubnet=192.168.0.0/24
> rightid=@pro2040
> rightxauthserver=yes
> keyingtries=0
> pfs=no
> auto=add
> auth=esp
> esp=3des-sha1
> ike=3des-sha1-modp1024
> xauth=yes
> authby=secret
> aggrmode=no
> dpddelay=5
> dpdtimeout=60
> dpdaction=clear

Try adding the modecfg commands? See man ipsec.conf or look in
openswan-2/testing/pluto/

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
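
The left=/leftsubnet= overlap pointed out in the reply above can be checked mechanically before loading a connection. The following is an added example, not part of the original message and not Openswan code: a small Python check over ipsec.conf-style text. The sample conn is constructed from the one in the thread, with 192.168.1.10 standing in for the redacted "192.168.1.x" and 203.0.113.5 for the peer's public address; the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the conn posted in the thread.
SAMPLE = """\
conn xauth1
    type=tunnel
    #left=%defaultroute
    left=192.168.1.10
    leftsubnet=192.168.1.0/24
    leftxauthclient=yes
    right=203.0.113.5
    rightsubnet=192.168.0.0/24
    rightxauthserver=yes
    authby=secret
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for an ipsec.conf-style string."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out options
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None  # "config setup" options belong to no conn
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def endpoint_inside_own_subnet(conns):
    """List (conn, side) pairs where left=/right= lies within its own *subnet=."""
    hits = []
    for name, opts in conns.items():
        for side in ("left", "right"):
            addr, net = opts.get(side), opts.get(side + "subnet")
            if not addr or not net:
                continue
            try:
                ip = ipaddress.ip_address(addr)
                network = ipaddress.ip_network(net, strict=False)
            except ValueError:
                continue  # %defaultroute, %any, hostnames: nothing to compare
            if ip in network:
                hits.append((name, side))
    return hits

if __name__ == "__main__":
    for name, side in endpoint_inside_own_subnet(parse_conns(SAMPLE)):
        print(f"conn {name}: {side}= is inside {side}subnet=")
```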

