[Openswan Users] Openswan to Sonicwall - IKE config incorrect

Peter Butler Peter.Butler at it-freedom.com
Thu Mar 12 08:39:52 EDT 2009


Hi There

I'm trying to connect from Openswan (version 2.4.12) on Ubuntu Intrepid
(Kernel 2.6.27-11) to a Sonicwall LS2400 and I am getting a
NO_PROPOSAL_CHOSEN response from Sonicwall. When I run ipsec auto
--status I get the following as part of the output:

000 "home":   IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=strict
000 "home":   IKE algorithms found:
3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)
000 "home":   ESP algorithms wanted: 3DES(3)_000-SHA1(2); flags=strict
000 "home":   ESP algorithms loaded: 3DES(3)_000-SHA1(2); flags=strict

From what I can see Openswan is trying to use a different algorithm for
IKE from what Sonicwall is expecting. My ipsec.conf contains:

ike=3des-sha1-modp1024

What should I be using for this instead? Is there any way to disable
"strict"? Any help would be greatly appreciated. I can post the output
of "ipsec barf" if anyone wants to take a closer look.

Cheers

Peter

_______________________________________________________________________
The information contained in this e-mail is confidential and may be privileged. It is intended for the addressee only. If you are not the intended recipient, please delete this e-mail immediately. The contents of this e-mail must not be disclosed or copied without the sender's consent. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. The company does not take any responsibility for the views of the author.

Registered Office: IT-Freedom Limited, 9 Minster Court, Tuscam Way, Camberley, Surrey GU15 3YY 
Registered in England, Number: 04500346
_______________________________________________________________________


More information about the Users mailing list