[Openswan Users] Openswan <-> SonicWall TZ107 Roadwarrior
David L. Cathey
davidc at montagar.com
Fri Nov 23 17:58:56 EST 2007
I'm trying to set up a SonicWall TZ107 as a Roadwarrior against an
openswan server (Fedora 6, openswan 2.4.9 built from source).
Sonic168.conf:
conn Sonic168
        type=tunnel
        auto=add
        auth=esp
        pfs=no
        authby=secret
        keyingtries=1
        # Local information
        left=66.60.79.53
        leftid=@TSP168
        leftsubnet=192.168.2.0/24
        leftnexthop=%defaultroute
        # Remote information
        right=%any
        #rightid=@Sonic168
        rightsubnet=192.168.168.0/24
        esp=3des-md5
        ike=3des-md5
        keyexchange=ike
ipsec.secrets:
        @TSP168 %any : PSK "CominationForMyLuggage"   # Not the real PSK!
This gets me to (several of these from ipsec auto --status):
        000 #nnn: "Sonic168"[1] 72.64.118.247:500 STATE_MAIN_R3 (sent MR3,
        ISAKMP SA established); EVENT_SA_REPLACE in 2596s; nodpd
I end up with openswan sending INVALID_ID_INFORMATION back to the
SonicWall. The SonicWall log also shows this (Start Quick Mode (Phase
2), followed by Received notify: INVALID_ID_INFO).
If I change the config to uncomment the rightid, it never gets a
connection (visible with plutodebug="all"):
        concluding with best_match=6 best=0x812fb360 (lineno=29)
        match_id a=72.64.118.247
                 b=@Sonic168
        results fail
It thinks Sonic168 is of kind ID_FQDN and will not wildcard it against
the connection, even though right=%any, unless I just hack id.c and
have match_id() return true anyway (but that would be bad).
Can this work, since I can't see what I'm missing here...
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
David L. Cathey |Inet: davidc at montagar.com
Montagar Software, Inc. |Fone: (972)-423-5224
P. O. Box 260772, Plano, TX 75026 |http://www.montagar.com
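Editor's note (added example; this is not configuration from the original post or from the Openswan project). The plutodebug lines in the message show what the two sides of match_id() were: a=72.64.118.247 is the ID the SonicWall presented in Main Mode, printed as a plain IPv4 address, while b=@Sonic168 is the FQDN-type ID the conn was told to expect. Pluto compares ID type as well as value, so an address-type peer ID never matches an FQDN-type rightid, and %any on right= only relaxes the peer's source address, not its ID. The pair of files below, using the addresses and names from the post, puts the post's conn next to a variant whose rightid is written as the address the peer actually sent. The PSK is a placeholder, and the shared-section layout with also= is an assumption about how one would lay the file out; the cipher settings are kept exactly as the post has them.

```ini
# Sonic168.conf  (added example, not the poster's file)
# Shared parameters; no auto= line, so this section is only pulled in via also=.
conn Sonic168-common
        type=tunnel
        auth=esp
        authby=secret
        keyexchange=ike
        pfs=no
        keyingtries=1
        # 3des-md5 is kept only because the post uses it for the SonicWall;
        # both 3DES and MD5 are legacy and should be replaced where the peer allows.
        ike=3des-md5
        esp=3des-md5
        # Local side (from the post)
        left=66.60.79.53
        leftid=@TSP168
        leftsubnet=192.168.2.0/24
        leftnexthop=%defaultroute
        # Remote side: any source address, fixed remote subnet
        right=%any
        rightsubnet=192.168.168.0/24

# Variant A (the post's form): rightid is an FQDN-type ID. This conn is
# selected only when the peer's ID payload is ID_FQDN "Sonic168"; a peer
# that identifies by its address fails match_id, as the debug output shows.
conn Sonic168-fqdn
        also=Sonic168-common
        rightid=@Sonic168
        auto=add

# Variant B: rightid written as the address-type ID the peer actually sent.
# Matches the a=72.64.118.247 side of match_id; it does tie the conn to
# that one peer address, so it is a poor fit for a roadwarrior on a
# dynamic IP.
conn Sonic168-addr
        also=Sonic168-common
        rightid=72.64.118.247
        auto=add

# ipsec.secrets  (added example; placeholder PSK, not the real one)
# PSK lookup is keyed on the IDs each conn will present, so the entries
# mirror the two rightid forms above.
@TSP168 @Sonic168      : PSK "placeholder-replace-me"
@TSP168 72.64.118.247  : PSK "placeholder-replace-me"
```

Before choosing between the two forms, confirm which ID type the peer sends: with plutodebug enabled, pluto logs the peer's ID payload as it processes Main Mode (a line of the form "Peer ID is ID_IPV4_ADDR: ..." or "Peer ID is ID_FQDN: ..."). If the address form is unacceptable because the SonicWall's public address changes, the alternative is to make the appliance send a name-type ID (its Local IKE ID setting) so that a rightid of @Sonic168 matches without touching id.c.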