[Openswan Users] Tunnel initiates to Sonicwall but cannot reach anything inside network

Paul Wouters paul at xelerance.com
Tue Feb 16 10:32:05 EST 2010

On Mon, 15 Feb 2010, Michael Leonetti wrote:

> conn sonicwall
>         left=(leftip)
>         leftsubnet=
>         leftid=(leftid)
>         right=(rightip)
>         rightsubnet=
>         rightid=(rightid)
>         keyingtries=0
>         pfs=no
>         aggrmode=yes
>         auto=add
>         auth=esp
>         esp=3des-sha1
>         ike=3des-sha1
>         authby=secret
>         xauth=no
>         keyexchange=ike

> fortissimo linux # ipsec auto --up sonicwall
> 003 "sonicwall" #5: multiple transforms were set in aggressive mode. Only first one used.
> 003 "sonicwall" #5: transform (5,2,2,0) ignored.

This log does not match the config above? It claims you have multiple ike= proposals,
instead of just one?

> When I try to reach anything in the network:
> fortissimo linux # ping
> PING ( 56(84) bytes of data.
> From icmp_seq=6 Destination Net Unreachable

If this is on the server itself, you need to add a leftsourceip= or
use ping -I to ensure packets match your subnet (and not your public IP).

> fortissimo linux # ping
> PING ( 56(84) bytes of data.
> 64 bytes from icmp_seq=1 ttl=243 time=21.1 ms

If the remote server is doing NAT and IPsec, you need to exclude NATing
IPsec packets.

If the remote server is not the default gateway of, you might
need to add some routing to those machines.
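The two checks above, written out as an added shell example that is not part of the original thread: the first function tests whether the gateway's own interface address (what ping uses by default) falls inside the leftsubnet= it advertises, which is exactly the case where leftsourceip= or ping -I is needed; the second prints, rather than applies, the iptables rules that let IPsec-protected traffic bypass MASQUERADE, using the real `-m policy --dir out --pol ipsec` match. All addresses, subnets and the interface name are constructed placeholders, not values from the list message.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread). Checks whether a gateway's
# packets would be sourced from outside leftsubnet=, and renders the NAT
# exclusion that keeps IPsec traffic away from MASQUERADE.
# Every address, subnet and interface below is a constructed placeholder.

set -eu

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_subnet ADDR CIDR -> exit status 0 if ADDR lies inside CIDR, else 1.
ip_in_subnet() {
    local addr net bits mask
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# needs_leftsourceip PUBLIC_IP LEFTSUBNET -> 0 when the gateway's default
# source address is NOT inside leftsubnet, i.e. packets it originates will
# not match the tunnel's policy unless leftsourceip= (or ping -I) is used.
needs_leftsourceip() {
    ! ip_in_subnet "$1" "$2"
}

# nat_exclusion_rules LEFTSUBNET RIGHTSUBNET PUBLIC_IF
# Prints (does not execute) the rules: packets that will be IPsec-protected
# skip MASQUERADE, so their source address is not rewritten to the public
# address and still matches the tunnel's subnet selector.
nat_exclusion_rules() {
    printf 'iptables -t nat -I POSTROUTING -s %s -d %s -m policy --dir out --pol ipsec -j ACCEPT\n' "$1" "$2"
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$3"
}

# Constructed demo values (assumed, not from the thread).
PUBLIC_IP=203.0.113.10
LEFTSUBNET=10.0.1.0/24
RIGHTSUBNET=192.168.5.0/24
PUBLIC_IF=eth0

if needs_leftsourceip "$PUBLIC_IP" "$LEFTSUBNET"; then
    echo "ping from the gateway would be sourced from $PUBLIC_IP, outside $LEFTSUBNET:"
    echo "set leftsourceip=<an address inside $LEFTSUBNET> or use ping -I"
fi
nat_exclusion_rules "$LEFTSUBNET" "$RIGHTSUBNET" "$PUBLIC_IF"
```

Run it as-is to see the diagnosis for the placeholder values; the printed iptables lines are meant to be reviewed and adapted to the real subnets before being applied, with the ACCEPT rule inserted ahead of any MASQUERADE rule.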

