[Openswan Users] Openswan to Sonicwall - IKE config incorrect

Zack Train zack at voltage.com
Thu Mar 12 15:11:58 EDT 2009

>From the original post, I think I see the problem:
000 "home":   IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=strict
000 "home":   IKE algorithms found:

It is asking for plain SHA1 and the response will only do SHA1-192.


-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Lawrence Manning
Sent: Thursday, March 12, 2009 10:33 AM
To: Peter Butler
Cc: users at openswan.org
Subject: Re: [Openswan Users] Openswan to Sonicwall - IKE config incorrect

On 12 Mar 2009, at 17:24, Peter Butler wrote:

> Ah, I think NAT might be the problem. According to this, my network
> provider (Vodafone UK) uses NAT and port address translation:
> http://forum.vodafone.co.uk/index.php?showtopic=7813
> Does this mean I won't be able to use Openswan (or any other IPSec
> client) with this network provider?

NAT-T mode IPSec (network packets encapsulated in UDP packets as
opposed to ESP) should pass through vodafone's NATing gateway just

Openswan (and other 'swans) support NAT-T, assuming the config as

Hope that helps,


Lawrence Manning
Lead Developer
Smoothwall Ltd. -  http://www.smoothwall.net/

SmoothWall Limited
1 John Charles Way
Leeds LS12 6QA
United Kingdom

1 800 959 3760 (USA, Canada and North America)
0870 1 999 500 (United Kingdom)
+44 870 1 999 500 (all other countries)
+44 870 1 991 399

SmoothWall Limited is registered in England, Company Number: 4298247

This email and any attachments transmitted with it are confidential to
the intended recipient(s) and may not be communicated to any other
person or published by any means without the permission of SmoothWall
Limited.  Any opinions stated in this message are solely those of the
author.  See: http://smoothwall.net/company/email.php for the full
text of this notice.

Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan:

More information about the Users mailing list