[Openswan Users] Openswan to Sonicwall - IKE config incorrect

Peter Butler Peter.Butler at it-freedom.com
Thu Mar 12 13:53:38 EDT 2009 

I think you're right. I've just run wireshark on the Openswan box and I
can see packets coming back from Sonicwall. I guess this means that NAT
is working at least. However, Sonicwall is still only giving me the
"NO-PROPOSAL-CHOSEN" response. 

Cheers

Peter

-----Original Message-----
From: Lawrence Manning [mailto:lawrence.manning at smoothwall.net] 
Sent: 12 March 2009 17:33
To: Peter Butler
Cc: users at openswan.org
Subject: Re: [Openswan Users] Openswan to Sonicwall - IKE config
incorrect


On 12 Mar 2009, at 17:24, Peter Butler wrote:

> Ah, I think NAT might be the problem. According to this, my network
> provider (Vodafone UK) uses NAT and port address translation:
>
> http://forum.vodafone.co.uk/index.php?showtopic=7813
>
> Does this mean I won't be able to use Openswan (or any other IPSec
> client) with this network provider?

NAT-T mode IPSec (network packets encapsulated in UDP packets as  
opposed to ESP) should pass through vodafone's NATing gateway just  
nicely.

Openswan (and other 'swans) support NAT-T, assuming the config as  
"nat_traversal=yes".

Hope that helps,

-- 

Lawrence Manning
Lead Developer
Smoothwall Ltd. -  http://www.smoothwall.net/

SmoothWall Limited
1 John Charles Way
Leeds LS12 6QA
United Kingdom

Phone:
1 800 959 3760 (USA, Canada and North America)
0870 1 999 500 (United Kingdom)
+44 870 1 999 500 (all other countries)
Fax:
+44 870 1 991 399

SmoothWall Limited is registered in England, Company Number: 4298247

This email and any attachments transmitted with it are confidential to  
the intended recipient(s) and may not be communicated to any other  
person or published by any means without the permission of SmoothWall  
Limited.  Any opinions stated in this message are solely those of the  
author.  See: http://smoothwall.net/company/email.php for the full  
text of this notice.






_______________________________________________________________________
The information contained in this e-mail is confidential and may be privileged. It is intended for the addressee only. If you are not the intended recipient, please delete this e-mail immediately. The contents of this e-mail must not be disclosed or copied without the sender's consent. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. The company does not take any responsibility for the views of the author.

Registered Office: IT-Freedom Limited, 9 Minster Court, Tuscam Way, Camberley, Surrey GU15 3YY 
Registered in England, Number: 04500346
_______________________________________________________________________

More information about the Users mailing list