[Openswan Users] openswan xauth problem with sonicwall
Aaron Zhang
bzhang at sonicwall.com
Thu Jul 23 01:47:56 EDT 2009
Hi,
SonicWall groupvpn must use aggressive mode which means "aggrmode=yes"
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Amlan Mandal
Sent: 2009年7月23日 3:42
To: users at openswan.org
Subject: [Openswan Users] openswan xauth problem with sonicwall
Hi All,
I love linux. I really do. I know it is open source, lot of people has contributed voluntarily to make it better. But some time it does not meet the basic standards. I am sorry that I made the statement. But that is how it is. I am trying to run vpn on my Ubuntu 7.10 (gutsy) with openswan 1:2.4.6+dfsg.2-1.1build2 with Sonicwall VPN (xauth enabled). I can not disable xauth as it is company policy.
After it does
004 "sonicwall" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
I guess it should as xauth authentication after this. Nothing happens it just gets stuck then I get
003 "sonicwall" #6: next payload type of ISAKMP Hash Payload has an unknown value: 164
003 "sonicwall" #6: malformed payload in packet
002 "sonicwall" #6: sending notification PAYLOAD_MALFORMED to xxx.xxx.xxx.xxx:4500
I have tried all possible config it JUST does not work. After 5 days of work I could not make it work.
conn sonicwall
type=tunnel
left=10.0.0.2
leftid=@GroupVPN
leftxauthclient=yes
rightxauthclient=yes
right=x.x.x.x
rightsubnet=192.168.1.0/24
rightxauthserver=yes
leftxauthserver=yes
rightid=@xxxxxxxxxxx
keyingtries=1
pfs=yes
aggrmode=no
auto=add
auth=esp
esp=3des-sha1
ike=3des-sha1-modp1536
authby=secret
xauth=yes
Is it ever going to work????
Hope it will.
Regards,
Amlan
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list