[Openswan Users] Openswan to Sonicwall
Dave Vree
mailing51 at hotmail.com
Wed Sep 17 15:32:08 EDT 2008
I look deeper into this issue and found some Sonicwall documents on
their web site. Apparently I needed to enable phase I agressive mode.
I added "aggrmode=yes" to my connection definition and got past Xauth
authentication. I am know bumping into other problems, but these are
for another thread (after some more research). Thanks for your help.
By the way - in my research I read that 2.6 kernels do not require the line
interfaces="ipsec0=eth0"
in the config file. I took it out and it seemed to have no effect. Is
this correct?
Best,
Dave
Paul Wouters wrote:
> On Mon, 15 Sep 2008, Hot Mailing wrote:
>
>> 106 "WorkOffice" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>> 003 "WorkOffice" #1: ignoring unknown Vendor ID payload
>> [404bf439522ca3f6]
>> 003 "WorkOffice" #1: received Vendor ID payload [XAUTH]
>> 003 "WorkOffice" #1: received Vendor ID payload [Dead Peer Detection]
>> 003 "WorkOffice" #1: NAT-Traversal: Result using RFC 3947
>> (NAT-Traversal): i am NATed
>> 108 "WorkOffice" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>> 003 "WorkOffice" #1: Mode Config message is unacceptable because it is
>> for an incomplete ISAKMP SA (state=STATE_MAIN_I3)
>
> We are expecting an MR3 packet to finish setting up phase 1, but we are
> getting a mode config packet. This looks like a Sonicwall bug. I have
> a vague recollection that this has been seen before. Try googling the
> archives for 'xauth sonicwall' ?
>
> Paul
>
>
_________________________________________________________________
See how Windows Mobile brings your life together—at home, work, or on the go.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080917/35e6f055/attachment.html
More information about the Users
mailing list