[Openswan Users] Ubuntu VPN connection to Sonicwall TZ190

J-Dog J-Dog at J-Dog.net
Thu Dec 30 12:02:30 EST 2010 

I am having some issues creating a VPN connection to my sonicwall TZ190.

I have followed the directions at 
http://www.pelagodesign.com/blog/2009/05/18/ubuntu-linux-how-to-setup-a-vpn-connection-to-a-sonicwall-router-using-openswan-and-pre-shared-keys-psk/ 
and am able to get through Phase1 and enter my username and password 
successfully and then it hangs in phase 2 with the messages below.

Below is the connection log and my ipsec config files. I would greatly 
appreciate any help with tracking down what the issue is.

Jeremy

----- Connection Log -----
002 "sonicwall" #1: XAUTH: Successfully Authenticated
002 "sonicwall" #1: transition from state STATE_XAUTH_I0 to state 
STATE_XAUTH_I1
004 "sonicwall" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "sonicwall" #2: initiating Quick Mode 
PSK+ENCRYPT+TUNNEL+PFS+UP+AGGRESSIVE+IKEv2ALLOW {using isakmp#1 
msgid:183b3362 proposal=3DES(3)_192-SHA1(2)_160 
pfsgroup=OAKLEY_GROUP_MODP1536}
117 "sonicwall" #2: STATE_QUICK_I1: initiate
010 "sonicwall" #2: STATE_QUICK_I1: retransmission; will wait 20s for 
response
010 "sonicwall" #2: STATE_QUICK_I1: retransmission; will wait 40s for 
response
031 "sonicwall" #2: max number of retransmissions (2) reached 
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: 
perhaps peer likes no proposal
000 "sonicwall" #2: starting keying attempt 2 of an unlimited number, 
but releasing whack


----- ipsec.conf -----
# /etc/ipsec.conf - Openswan IPsec configuration file
version    2.0
# basic configuration
config setup
     nat_traversal=yes
     oe=off
     protostack=netkey
     interfaces=%defaultroute
# Connection configuration
conn sonicwall
      type=tunnel
      left=%defaultroute
      leftid=@GroupVPN
      leftxauthclient=yes
      right=XXX.XXX.XXX.XXX
      rightsubnet=192.168.50.0/24
      rightxauthserver=yes
      rightid=@XXXXXXXXXX
      keyingtries=0
      pfs=yes
      aggrmode=yes
      auto=add
      auth=esp
      esp=3DES-SHA1
      ike=3DES-SHA1
      authby=secret


----- ipsec.secrets -----
# /etc/ipsec.secrets
include /var/lib/openswan/ipsec.secrets.inc
@GroupVPN @XXXXXXXXXX : PSK "YYYYYYYYYYYYYYYY"

More information about the Users mailing list