[Openswan Users] Openswan to Sonicwall

Dave Vree mailing51 at hotmail.com
Wed Sep 17 15:32:08 EDT 2008

I look deeper into this issue and found some Sonicwall documents on 
their web site.  Apparently I needed to enable phase I agressive mode.

I added  "aggrmode=yes" to my connection definition and got past Xauth 
authentication.   I am know bumping into other problems, but these are 
for another thread (after some more research).  Thanks for your help.

By the way - in my research I read that 2.6 kernels do not require the line


in the config file.  I took it out and it seemed to have no effect.  Is 
this correct?


Paul Wouters wrote:
> On Mon, 15 Sep 2008, Hot Mailing wrote:
>> 106 "WorkOffice" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>> 003 "WorkOffice" #1: ignoring unknown Vendor ID payload 
>> [404bf439522ca3f6]
>> 003 "WorkOffice" #1: received Vendor ID payload [XAUTH]
>> 003 "WorkOffice" #1: received Vendor ID payload [Dead Peer Detection]
>> 003 "WorkOffice" #1: NAT-Traversal: Result using RFC 3947
>> (NAT-Traversal): i am NATed
>> 108 "WorkOffice" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>> 003 "WorkOffice" #1: Mode Config message is unacceptable because it is
>> for an incomplete ISAKMP SA (state=STATE_MAIN_I3)
> We are expecting an MR3 packet to finish setting up phase 1, but we are
> getting a mode config packet. This looks like a Sonicwall bug. I have
> a vague recollection that this has been seen before. Try googling the
> archives for 'xauth sonicwall' ?
> Paul

See how Windows Mobile brings your life together—at home, work, or on the go.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080917/35e6f055/attachment.html 

More information about the Users mailing list