[Openswan Users] Anyone? Anyone? "Roadwarrior" to SonicWall VPNrouting issues
petermcgill at goco.net
Fri Apr 25 13:35:13 EDT 2008
Well I've never worked with XAUTH or a SonicWall specifically, but two general suggestions.
1) This might just be an email typo, but...
Otherwise from the information provided, I cannot see any problems, so...
2) Give us more information.
The output of...
Preferably in an attachment and not the email body.
Note from man ipsec_barf:
Barf censors its output, replacing keys and secrets with brief checksums to avoid revealing sensitive information.
Also send us the SonicWall configuration information (without keys of course).
As for your firewall question, you need to allow the following in/out connections:
udp/isakmp (proto 17 port 500)
esp (proto 50)
And if using NAT-T
udp/4500 (proto 17 port 4500)
If the firewall is on the same computer as IPSec, then you'll also need to allow
the private tunnelled traffic, i.e. to/from 192.168.1.0/24 and 192.168.2.0/24.
If you're using SNAT or MASQUERADE on your IPSec device, you'll need to exempt
the private tunnelled traffic from that.
If the firewall is on a different computer between IPSec endpoints, then you'll need to
forward the above isakmp, esp and possibly NAT-T inbound to the IPSec router to accept
connections from the other side.
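As an added illustration of the rule list above (not from the thread or from Openswan's own scripts), a POSIX shell script that prints the iptables commands for the two firewall placements Peter describes; interface names and addresses are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: print the iptables commands that
# implement the two cases in the reply above. Nothing is applied; review
# the output, then run it or paste it into your firewall script.
# Interface and address values are placeholders.

# Case 1: the firewall runs on the IPsec host itself (endpoint or gateway).
# Args: public interface, local private subnet, remote private subnet, NAT-T yes|no
ipsec_host_rules() {
    wan=$1; local_net=$2; remote_net=$3; nat_t=$4
    # IKE/ISAKMP on udp/500 and ESP (IP protocol 50), both directions
    echo "iptables -A INPUT  -i $wan -p udp --dport 500 -j ACCEPT"
    echo "iptables -A OUTPUT -o $wan -p udp --sport 500 -j ACCEPT"
    echo "iptables -A INPUT  -i $wan -p esp -j ACCEPT"
    echo "iptables -A OUTPUT -o $wan -p esp -j ACCEPT"
    # NAT-T wraps ESP in udp/4500 when a NAT sits between the peers
    if [ "$nat_t" = yes ]; then
        echo "iptables -A INPUT  -i $wan -p udp --dport 4500 -j ACCEPT"
        echo "iptables -A OUTPUT -o $wan -p udp --sport 4500 -j ACCEPT"
    fi
    # Decrypted tunnelled traffic between the private subnets, allowed whether
    # this host is the endpoint (INPUT/OUTPUT) or a gateway for a LAN (FORWARD)
    for chain in INPUT OUTPUT FORWARD; do
        echo "iptables -A $chain -s $local_net -d $remote_net -j ACCEPT"
        echo "iptables -A $chain -s $remote_net -d $local_net -j ACCEPT"
    done
    # Exempt tunnelled traffic from SNAT/MASQUERADE: -I puts this ahead of
    # any existing MASQUERADE rule in POSTROUTING, so it is matched first
    echo "iptables -t nat -I POSTROUTING -s $local_net -d $remote_net -j ACCEPT"
}

# Case 2: a separate firewall between the endpoints must pass IKE, ESP and
# NAT-T inbound to the IPsec router behind it. Args: public interface, router IP
ipsec_forwarding_rules() {
    wan=$1; router=$2
    for port in 500 4500; do
        echo "iptables -t nat -A PREROUTING -i $wan -p udp --dport $port -j DNAT --to-destination $router"
        echo "iptables -A FORWARD -i $wan -p udp -d $router --dport $port -j ACCEPT"
    done
    # ESP has no ports: forward IP protocol 50 as a whole
    echo "iptables -t nat -A PREROUTING -i $wan -p esp -j DNAT --to-destination $router"
    echo "iptables -A FORWARD -i $wan -p esp -d $router -j ACCEPT"
}

ipsec_host_rules eth0 192.168.2.0/24 192.168.1.0/24 yes
ipsec_forwarding_rules eth0 10.0.0.2
```

The FORWARD rules in case 1 only matter when the host also routes for a LAN; on a single roadwarrior laptop the INPUT/OUTPUT subnet rules are the ones that apply.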
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Chris Zimmerman
Sent: April 25, 2008 1:00 PM
To: users at openswan.org
Subject: [Openswan Users] Anyone? Anyone? "Roadwarrior" to SonicWall VPNrouting issues
I'm not trying to be a pest, but I have to get this working:
I have been fighting through this setup for more than a week now and I'm at a brick wall.
192.168.1.1 (router) 192.168.2.1 ]----------192.168.2.0/24
I am connected to the internet over an aircard using Ubuntu, so no NAT'ing is in the way on my end. I need to establish a tunnel
from my machine to the sonicwall to gain access to the 192.168.1.0 AND 192.168.2.0
networks. I am using XAUTH on the Sonicwall and it has NAT traverse enabled. I can successfully authenticate and connect to the
192.168.1.0 network and I can ping 192.168.1.1. I can also ping 192.168.2.1
(other interface on the router) but I cannot ping any other IPs on the 2.0 network. This connection is
using the GroupVPN SA on the Standard OS Sonicwall. How do I configure this?
Here's my ipsec.conf config:
<snip auth lines>
<snip auth lines>
I've read through countless mailing lists and Google links and the openswan wiki, but I cannot figure out how to get this working.
It has to be a routing issue but I am still unfamiliar with ipsec so I am unsure of what to change.
ANY assistance would be great!!
I would also like to know what, if anything, would need to change for me to connect this tunnel when my machine (laptop) is behind a