[Openswan Users] Sonicwall XAUTH/DHCP suckage + openswan - SOLVED a.k.a Tunnel established but no traffic / NAT-T issues?

Pawel Osiczko p.osiczko at tetrapyloctomy.org
Tue Apr 29 20:22:12 EDT 2008


A long while back I queried about NATTed openswan with Sonicwall with XAUTH.
After some additional dinking, I was able to solve the issue!
Turns out that Sonicwall does not play nice with modecfg. Openswan
was not able to obtain an IP address from the DHCP server on the SW.

Here is my configuration file ipsec.conf:

version 2
config setup
    plutodebug="none"
    klipsdebug="none"
    nhelpers=0
    nocrsend=yes
    uniqueids=yes
    # client sits behind a NATing firewall, so NAT-T is required
    nat_traversal=yes

include /etc/ipsec.d/examples/no_oe.conf

conn group
    type=tunnel
    left=%defaultroute
    leftid=@groupvpn
    # this side is the XAUTH client, the Sonicwall is the XAUTH server
    leftxauthclient=yes
    leftsubnet=192.168.1.0/24
    leftsendcert=no
    right=1.2.3.4
    rightid=@0123456789ABC
    rightxauthserver=yes
    rightsubnet=192.168.26.0/24
    # do not ask the Sonicwall for an address via modecfg (it never hands one out, see above)
    modecfgpull=no
    aggrmode=yes
    auth=esp
    ike=3des-sha1-modp1024
    esp=3des-sha1-96
    pfs=no
    xauth=yes
    authby=secret
    # 0 = retry forever
    keyingtries=0
    # loaded at startup, brought up by hand with "ipsec auto --up group"
    auto=add
    compress=no

I'm running the stock Fedora 8 kernel, i.e. with default Netkey support.
I could not get 2.6.23.17 with NATT KLIPS working. Openswan is at 2.4.12.

The SW was altered in VPN -> Settings -> GroupVPN configure -> Client tab.
Once I changed "Virtual Adapter Settings" from "DHCP lease" to "DHCP lease or
Manual Configuration", things magically started working.

HTH somebody 8-)

--p

> Hi!
> 
> Thanks to Peter, I was able to establish a VPN tunnel to Sonicwall from
> an exposed/non-natted client. However from behind a firewall that does NAT
> I cannot pass traffic via ipsec tunnel. Software used in this case is:
> openswan-2.4.10.kernel-2.6.22-natt.patch + klips ipsec module 
> from 4.12 on a vanilla 2.6.22.19 kernel. The setup is as follows:
> 
> openswan client -> nat/fwall -> the internet tubes -> sonicwall -> dest lan
> 192.168.1.0/24                                      1.2.3.4      192.168.26.0/24
> 
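Added note, not part of the post above: on a Netkey (NETKEY/xfrm) client like the one in this thread, "tunnel established but no traffic" behind NAT usually shows up in `ip xfrm state` as an ESP SA that is missing its `encap type espinudp` line, or in `ip xfrm policy` as a missing subnet policy. The check below runs over captured `ip xfrm state` / `ip xfrm policy` output for the peer and subnets from the ipsec.conf above; the dumps are constructed samples, 10.0.0.5 is an assumed private address of the NATed client, and keys are elided.

```python
"""Sanity-check a NETKEY view (`ip xfrm state` / `ip xfrm policy`) for the
tunnel above: both ESP SAs with the peer are UDP-encapsulated (NAT-T) and
the out/in policies cover the two subnets.  Dumps below are constructed;
10.0.0.5 is an assumed private address of the NATed client, keys elided."""
import re

PEER, LOCAL_NET, REMOTE_NET = "1.2.3.4", "192.168.1.0/24", "192.168.26.0/24"
HDR = re.compile(r"^src (\S+) dst (\S+)")
STATE_OK = """\
src 10.0.0.5 dst 1.2.3.4
\tproto esp spi 0x0a1b2c3d reqid 16385 mode tunnel
\tencap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src 1.2.3.4 dst 10.0.0.5
\tproto esp spi 0x4d3c2b1a reqid 16385 mode tunnel
\tencap type espinudp sport 4500 dport 4500 addr 0.0.0.0
"""
# Same dump with the outbound SA lacking UDP encapsulation: the client then
# emits raw ESP that most NAT devices cannot forward ("tunnel up, no traffic").
STATE_NO_NATT = STATE_OK.replace(
    "\tencap type espinudp sport 4500 dport 4500 addr 0.0.0.0\n", "", 1)
POLICY = """\
src 192.168.1.0/24 dst 192.168.26.0/24
\tdir out priority 2344
src 192.168.26.0/24 dst 192.168.1.0/24
\tdir in priority 2344
"""

def records(dump):
    """Return [(src, dst, [body lines])] for each `src ... dst ...` record."""
    out = []
    for line in dump.splitlines():
        m = HDR.match(line)
        if m:
            out.append((m.group(1), m.group(2), []))
        elif out and line.strip():
            out[-1][2].append(line.strip())
    return out

def check_tunnel(state, policy, peer=PEER, local=LOCAL_NET, remote=REMOTE_NET):
    """Return a list of problems; an empty list means the xfrm view looks right."""
    encap = {("out" if dst == peer else "in"):
             any(ln.startswith("encap type espinudp") for ln in body)
             for src, dst, body in records(state) if peer in (src, dst)}
    problems = [f"no {d}bound ESP SA with {peer}" for d in ("out", "in") if d not in encap]
    problems += [f"{d}bound SA with {peer} lacks NAT-T UDP encapsulation"
                 for d, ok in encap.items() if not ok]
    have = {(ln.split()[1], s, t) for s, t, body in records(policy)
            for ln in body if ln.startswith("dir ")}
    want = {("out", local, remote), ("in", remote, local)}
    problems += [f"missing {d} policy {s} -> {t}" for d, s, t in sorted(want - have)]
    return problems
```

Feed it the real output of `ip xfrm state` and `ip xfrm policy` after `ipsec auto --up group`; an empty list means the kernel side is consistent and the problem lies elsewhere (routing, the NAT box, or the Sonicwall side).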
