[Openswan Users] PSK VPN
Troy Telford
ttelford.groups at gmail.com
Wed Sep 15 07:57:15 EDT 2010
On 2010-09-14 18:49:13 -0600, Michael DiMartino said:
> I am attempting unsuccessfully to set up a site to site PSK VPN w/ my
> Sonicwall.
> Any help with this will be greatly appreciated. I have included my
> config and the logs.
I can't claim to be anything more than a novice...
Have you read the following thread in the list archive?
http://lists.openswan.org/pipermail/users/2007-May/012335.html
Things I've noticed are wrong are below:
>
> Leftside (openswan)
> Inside IP: 10.179.168.101/19 (eth1)
> Outside IP : 185.107.225.171/24 (eth0)
>
> Rightside (sonicwall)
> Inside subnet: 192.168.168.0/24
> Outside IP: 217.58.22.147
>
> My ipsec.conf file
>
> config setup
>     nat_traversal=yes
>     nhelpers=0
>     interfaces="ipsec0=eth0"
This particular line is only valid if you're using the KLIPS (or mast)
IPsec stack. Your logs indicate that you're using NETKEY: (000 using
kernel interface: netkey)
I'm not positive, but I think
interfaces=%default
would be the right choice - it's valid, at least.
>
> conn sonicwall
>     type=tunnel
>     left=10.179.168.101 #Inside IP of Openswan server.
>     leftid=@cloud
>     leftxauthclient=yes
>     right=217.58.22.147 #IP address of your sonicwall router
>     rightsubnet=192.168.168.0/24 # inside subnet of sonicwall
>     rightxauthserver=yes
>     rightid=@sonicwall.unique.identifier
>     keyingtries=0
>     pfs=yes
>     aggrmode=yes
Everything I've read says aggrmode=yes isn't a good idea. I'm not sure
if it's causing your particular problem, however.
>     auto=add
>     auth=esp
>     esp=3DES-SHA1
>     ike=3DES-SHA1
>     authby=secret
>     #xauth=yes
As far as your logs go: What OS/Linux distribution are you using? The
contents of 'ipsec auto --status' are useful, but what do the actual
logfiles in /var/log say?
(It helps to use 'grep' to filter out only the entries from 'pluto';
i.e. 'cat /var/log/syslog | grep pluto')
--
Troy Telford
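
Added example, not part of the message above and not Openswan code: a small Python check for the two settings the reply flags, a KLIPS-style `interfaces="ipsec0=eth0"` mapping while the status output reports netkey, and `aggrmode=yes` combined with `authby=secret`. The function names and the shortened sample config are constructed for illustration.

```python
import re

# Constructed sample: a subset of the settings quoted in the thread.
SAMPLE_CONF = """\
config setup
    interfaces="ipsec0=eth0"

conn sonicwall
    right=217.58.22.147   #IP address of your sonicwall router
    aggrmode=yes
    authby=secret
"""
SAMPLE_STATUS = "000 using kernel interface: netkey\n"  # line quoted in the reply


def parse_conf(text):
    """Return {section: {key: value}} for 'config setup' and 'conn X' blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        head = re.match(r"(config|conn)\s+(\S+)$", line)
        if head:
            current = sections.setdefault(" ".join(head.groups()), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections


def kernel_stack(status_text):
    """Extract the stack name from 'using kernel interface: <name>'."""
    m = re.search(r"using kernel interface:\s*(\w+)", status_text)
    return m.group(1).lower() if m else None


def lint(conf_text, status_text):
    """Return (section, key, message) tuples for the two issues in the reply."""
    findings, conf = [], parse_conf(conf_text)
    ifaces = conf.get("config setup", {}).get("interfaces", "")
    if kernel_stack(status_text) == "netkey" and re.search(r"ipsec\d+=", ifaces):
        findings.append(("config setup", "interfaces",
                         "ipsecN=ethN mapping is KLIPS/mast syntax; stack is netkey"))
    for name, params in conf.items():
        # IKEv1 aggressive mode exposes a PSK-derived hash to offline guessing.
        weak = params.get("aggrmode") == "yes" and params.get("authby") == "secret"
        if name.startswith("conn ") and weak:
            findings.append((name, "aggrmode",
                             "aggressive mode used with a pre-shared key"))
    return findings
```
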