[Openswan Users] Sonicwall TZ180 and Openswan

Zoltán FARKAS zoltan.farkas at gmail.com
Sat Oct 4 06:43:34 EDT 2008


  Dear All,

 I try to connect to a Sonicwall TZ180 using Openswan.
 Phase 1 finishes fine. However, phase 2 Quick Mode failes, seems to be stuck:
$ ipsec whack --name hydra --xauthname secret1 --xauthpass secret2 --initiate
002 "hydra" #1: initiating Main Mode
104 "hydra" #1: STATE_MAIN_I1: initiate
003 "hydra" #1: ignoring unknown Vendor ID payload [5b362bc820f70001]
002 "hydra" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "hydra" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "hydra" #1: ignoring unknown Vendor ID payload [da8e937880010000]
003 "hydra" #1: ignoring unknown Vendor ID payload [404bf439522ca3f6]
003 "hydra" #1: received Vendor ID payload [XAUTH]
002 "hydra" #1: I did not send a certificate because I do not have one.
002 "hydra" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "hydra" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "hydra" #1: Main mode peer ID is ID_IPV4_ADDR: '<IP2>'
002 "hydra" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "hydra" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
002 "hydra" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
117 "hydra" #2: STATE_QUICK_I1: initiate
010 "hydra" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "hydra" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "hydra" #2: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode
message: perhaps peer likes no proposal
000 "hydra" #2: starting keying attempt 2 of an unlimited number, but
releasing whack

 Here is the connection configuration:
conn hydra
        type=tunnel
        auto=add
        auth=esp
        authby=secret
        left=%defaultroute
        leftid=@linux
        right=<IP1>
        rightid=<IP2>
        esp=3des-sha1
        ike=3des-sha1
        xauth=yes

 I'm able to connect with the SonicWall Global VPN Client. In the
connection detail, it says the followings for Phase 2:
  Protocol: ESP
  Encapsulation mode: UDP Encapsulation Tunnel
  Encryption Algorithm: Triple DES (192-bits)
  Hash Algorithms: HMAC-SHA
  Diffie-Hellman Group: Alternate 1024-bit MODP (Group 2)

 I think the connection configuration matches the above. Could you
please give an advice?
 Thanks in advance,

  Zoltan


More information about the Users mailing list