[Openswan Users] Anyone? Anyone? "Roadwarrior" to SonicWall VPN routing issues

Chris Zimmerman czimmer at wczimmerman.dyndns.org
Fri Apr 25 12:59:35 EDT 2008


I'm not trying to be a pest, but I have to get this working:

I have been fighting through this setup for more than a week now and I'm at
a brick wall.

My setup:

my.ip-----------{internet}-----1.1.1.1(sonicwall)192.168.1.254========[192.168.1.0/24

[--------[192.168.1.1(router)192.168.2.1]----------192.168.2.0/24


I am connected to the internet over an aircard using Ubuntu, so no NAT'ing
is in the way on my end.  I need to establish a tunnel from my machine to
the sonicwall to gain access to the 192.168.1.0 AND 192.168.2.0 networks.  I
am using XAUTH on the Sonicwall and it has NAT traverse enabled.  I can
successfully authenticate and connect to the 192.168.1.0 network and I can
ping 192.168.1.1.  I can also ping 192.168.2.1 (other interface on the
router) but I cannot ping any other IPs on the 2.0 network.  This
connection is using the GroupVPN SA on the Standard OS Sonicwall.  How do I
configure this?

Here's my ipsec.conf config:

config setup

conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore

conn net1
     left=my.ip
     leftid=@home
     leftxauthclient=yes
     right=ip.sonicwall (internet)
     rightsubnet=192.168.1.0/24
     rightxauthserver=yes
     rightid=@sonicwall identifier
     <snip auth lines>


conn net2
     left=my.ip
     leftid=@home
     leftxauthclient=yes
     right=ip.sonicwall (internet)
     rightsubnet=192.168.2.0
     rightxauthserver=yes
     rightid=@sonicwall identifier
     <snip auth lines>

I've read through countless mailing lists and Google links and the Openswan
wiki, but I cannot figure out how to get this working.  It has to be a
routing issue but I am still unfamiliar with ipsec so I am unsure of what to
change.

ANY assistance would be great!!

I would also like to know what, if anything, would need to change for me to
connect this tunnel when my machine (laptop) is behind a firewall, too.