[Openswan Users] Openswan to Sonicwall

Paul Wouters paul at xelerance.com
Tue Sep 16 10:55:39 EDT 2008

On Mon, 15 Sep 2008, Hot Mailing wrote:

> 106 "WorkOffice" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "WorkOffice" #1: ignoring unknown Vendor ID payload [404bf439522ca3f6]
> 003 "WorkOffice" #1: received Vendor ID payload [XAUTH]
> 003 "WorkOffice" #1: received Vendor ID payload [Dead Peer Detection]
> 003 "WorkOffice" #1: NAT-Traversal: Result using RFC 3947
> (NAT-Traversal): i am NATed
> 108 "WorkOffice" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "WorkOffice" #1: Mode Config message is unacceptable because it is
> for an incomplete ISAKMP SA (state=STATE_MAIN_I3)

We are expecting an MR3 packet to finish setting up phase 1, but we are
getting a mode config packet. This looks like a Sonicwall bug. I have
a vague recollection that this has been seen before. Try googling the
archives for 'xauth sonicwall' ?


More information about the Users mailing list