[Openswan Users] Openswan to Sonicwall - IKE config incorrect

Peter Butler Peter.Butler at it-freedom.com
Fri Mar 13 06:19:27 EDT 2009


I've attached them here. I can attach an "ipsec barf" as well if it
would help, but I don't want to clog up the list. Is it OK if I send it
to you direct to take a look? I'll post any results back to the list.

Cheers

Peter

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Peter McGill
Sent: 12 March 2009 18:16
To: Peter Butler; users at openswan.org
Subject: Re: [Openswan Users] Openswan to Sonicwall - IKE config
incorrect

It would really help to see your ipsec logs.
grep 'pluto' /var/log/* > ipseclog.txt

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Peter Butler
> Sent: March 12, 2009 1:54 PM
> To: users at openswan.org
> Subject: Re: [Openswan Users] Openswan to Sonicwall - IKE 
> config incorrect
> 
> I think you're right. I've just run wireshark on the Openswan 
> box and I
> can see packets coming back from Sonicwall. I guess this 
> means that NAT
> is working at least. However, Sonicwall is still only giving me the
> "NO-PROPOSAL-CHOSEN" response. 
> 
> Cheers
> 
> Peter
> 
> -----Original Message-----
> From: Lawrence Manning [mailto:lawrence.manning at smoothwall.net] 
> Sent: 12 March 2009 17:33
> To: Peter Butler
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] Openswan to Sonicwall - IKE config
> incorrect
> 
> 
> On 12 Mar 2009, at 17:24, Peter Butler wrote:
> 
> > Ah, I think NAT might be the problem. According to this, my network
> > provider (Vodafone UK) uses NAT and port address translation:
> >
> > http://forum.vodafone.co.uk/index.php?showtopic=7813
> >
> > Does this mean I won't be able to use Openswan (or any other IPSec
> > client) with this network provider?
> 
> NAT-T mode IPSec (network packets encapsulated in UDP packets as  
> opposed to ESP) should pass through vodafone's NATing gateway just  
> nicely.
> 
> Openswan (and other 'swans) support NAT-T, assuming the config as  
> "nat_traversal=yes".
> 
> Hope that helps,
> 
> -- 
> 
> Lawrence Manning
> Lead Developer
> Smoothwall Ltd. -  http://www.smoothwall.net/
> 
> SmoothWall Limited
> 1 John Charles Way
> Leeds LS12 6QA
> United Kingdom
> 
> Phone:
> 1 800 959 3760 (USA, Canada and North America)
> 0870 1 999 500 (United Kingdom)
> +44 870 1 999 500 (all other countries)
> Fax:
> +44 870 1 991 399
> 
> SmoothWall Limited is registered in England, Company Number: 4298247
> 
> This email and any attachments transmitted with it are 
> confidential to  
> the intended recipient(s) and may not be communicated to any other  
> person or published by any means without the permission of 
> SmoothWall  
> Limited.  Any opinions stated in this message are solely 
> those of the  
> author.  See: http://smoothwall.net/company/email.php for the full  
> text of this notice.
> 
> 
> 
> 
> 
> 
> ______________________________________________________________
> _________
> The information contained in this e-mail is confidential and 
> may be privileged. It is intended for the addressee only. If 
> you are not the intended recipient, please delete this e-mail 
> immediately. The contents of this e-mail must not be 
> disclosed or copied without the sender's consent. The 
> statements and opinions expressed in this message are those 
> of the author and do not necessarily reflect those of the 
> company. The company does not take any responsibility for the 
> views of the author.
> 
> Registered Office: IT-Freedom Limited, 9 Minster Court, 
> Tuscam Way, Camberley, Surrey GU15 3YY 
> Registered in England, Number: 04500346
> ______________________________________________________________
> _________
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-294632
> 7?n=283155

_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

_______________________________________________________________________
The information contained in this e-mail is confidential and may be privileged. It is intended for the addressee only. If you are not the intended recipient, please delete this e-mail immediately. The contents of this e-mail must not be disclosed or copied without the sender's consent. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. The company does not take any responsibility for the views of the author.

Registered Office: IT-Freedom Limited, 9 Minster Court, Tuscam Way, Camberley, Surrey GU15 3YY 
Registered in England, Number: 04500346
_______________________________________________________________________
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipseclog.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20090313/4a62270a/attachment.txt 


More information about the Users mailing list