[Openswan Users] Sonicwall TZ170 to OpenSWAN peer's ID_USER_FQDN contains no @

Mike A. Leonetti mleonetti at evolutionce.com
Wed Apr 28 16:59:40 EDT 2010


Paul Wouters wrote:
> On Wed, 28 Apr 2010, Mike A. Leonetti wrote:
>
>> The intention here is to initiate and keep up a VPN between OpenSWAN and
>> an older style Sonicwall device. The Sonicwall device doesn't have a
>> place to put in the IKE ID for the local or remote connexion. This is
>> really the only thing that differs from the newer Sonicwall, and
>> we do have three VPNs with newer Sonicwalls already working on the Linux
>> side and one on the older Sonicwall side (that we are trying to VPN
>> into).
>>
>> None of the firewalls are behind a NAT in this scenario.
>
> Then do not specify any rightid/leftid, and it will default to use the
> IP address as ID.
>
> Paul
This is what happens though:

Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: multiple transforms were set in aggressive mode. Only first one used.
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: transform (5,2,2,0) ignored.
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: initiating Aggressive Mode #4, connection "andree"
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: multiple transforms were set in aggressive mode. Only first one used.
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: transform (5,2,2,0) ignored.
Apr 28 16:53:20 fortissimo ipsec__plutorun: 003 "andree" #4: multiple transforms were set in aggressive mode. Only first one used.
Apr 28 16:53:20 fortissimo ipsec__plutorun: 003 "andree" #4: transform (5,2,2,0) ignored.

And the Sonicwall side says:
IKE negotiation aborted due to timeout
IKE Initiator: No response - remote party timeout

