[Openswan Users] IPsec connection to Sonicwall TZ170

John Thomas john.thomas at assistedcare.net
Wed Nov 12 13:52:42 EST 2008


I'm trying to establish a VPN between a ClarkConnect 4.3 (Community) box in
Gateway Mode and a Windows network. I successfully establish a tunnel and I can
ping/browse from the Windows network to the CC box, but I cannot ping/browse
from CC to Windows.

My first attempt was connecting through a Sonicwall TZ170 router. I thought
maybe the router was the issue so I created a tunnel through a Linksys
BEFVP41 router. On both routers I see the established tunnel and I can ping the
CC box, but I cannot ping from a machine on the CC network to the other end
of the tunnel.

On the CC box I do a tcpdump on eth0. When pinging from the other end of the
tunnel to CC I see ESP traffic. If I ping from a laptop connected to the CC
box I see an ICMP request but no ESP traffic.

I've searched the ClarkConnect forum, the Sonicwall website, and Googled
Openswan. I see lots of information about VPNs but nothing resolving my
issue. My understanding is that the Phase I (IKE) proposal establishes a
tunnel. Then within that initial tunnel, the Phase II proposal establishes
two one-way tunnels to exchange the traffic. It seems that a tunnel from the
Sonicwall/Linksys router to the CC box passes traffic but the tunnel from CC
to the others does not pass traffic.

All of my changes have been made in the /etc/ipsec.conf and ipsecrets.conf
files. I found that to establish a connection I needed to enter more
information in these files than the GUI allows. A barf file is attached.
Note: I've tried with nat_traversal set to yes and no with the same results.

Any help would be greatly appreciated.
 
John Thomas
AssistedCare Management Group, Inc
(910) 332-2346 x215
(910) 371-3462 fax
 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: barffile.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20081112/c19d95f1/attachment-0001.txt 

