[Openswan Users] Sonicwall XAUTH/DHCP suckage + openswan - SOLVED a.k.a Tunnel established but no traffic / NAT-T issues?
p.osiczko at tetrapyloctomy.org
Tue Apr 29 20:22:12 EDT 2008
A long while back I queried about NATTed openswan with Sonicwall with XAUTH.
After some additional dinking, I was able to solve the issue!
Turns out that Sonicwall does not play nice with modecfg. Openswan
was not able to obtain an IP address from the DHCP server on the SW.
Here is my configuration file ipsec.conf
I'm running a stock Fedora 8 kernel, i.e. with default Netkey support.
I could not get 188.8.131.52 with NATT KLIPS working. Openswan is at 2.4.12.
The SW was altered in VPN -> Settings -> GroupVPN configure -> Client tab.
Once I changed "Virtual Adapter Settings" from "DHCP lease" to "DHCP lease or
Manual Configuration", things magically started working.
HTH somebody 8-)
> Thanks to Peter, I was able to establish a VPN tunnel to Sonicwall from
> an exposed/non-natted client. However from behind a firewall that does NAT
> I cannot pass traffic via ipsec tunnel. Software used in this case is:
> openswan-2.4.10.kernel-2.6.22-natt.patch + klips ipsec module
> from 4.12 on a vanilla 184.108.40.206 kernel. The setup is as follows:
> openswan client -> nat/fwall -> the internet tubes -> sonicwall -> dest lan
> 192.168.1.0/24 220.127.116.11 192.168.26.0/24