[Openswan Users] Cannot connect to SonicWall VPN

Stuart Oppery Stuart.Oppery at simulation-systems.co.uk
Thu Feb 2 09:09:12 EST 2012 

Hi All,
 
I am trying to connect to a VPN using IPSec, but have had problems connecting. I have a windows based SonicWall Global VPN client program that will connect to the SonicWall router. I have tried to replicate these details in the ipsec.conf as below:
 
config setup
            dumpdir=/var/run/pluto/
            nat_traversal=yes
            virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
            oe=off
            protostack=auto
            interfaces="ipsec0=eth0"
conn sonicwall
     type=tunnel
     left=172.16.XX.XX (my IP)
     leftnexthop=172.16.255.255 (my gateway)
     leftid=@GroupVPN
     leftxauthclient=yes
     right=XX.XX.XX.XX (IP address of my sonicwall router)
     rightsubnet=XX.XX.XX.XX/24 (gateway IP of my LAN)
     rightxauthserver=yes
     rightid=@0006XXXXXXXX
     keyingtries=0
     keyexchange=ike
     pfs=no
     aggrmode=yes
     auto=add
     auth=esp
     esp=aes256-sha1 
     ike=aes256-sha1-modp1024
     authby=secret
 
Below is the output given when running the command “ipsec whack --listen --name sonicwall --initiate --xauthname XXXXXX --xauthpass XXXXXX”. Seems as though it fails on the second phase auth and I am unsure what else to try.
 
It has taken me a few days to get this far so any help would be much appreciated.
 
Many thanks,
Stuart
 
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: initiating Aggressive Mode #12, connection "sonicwall"
Feb  2 13:38:40 localhost pluto[26053]: pluto_do_crypto: helper (0) is  exiting 
Feb  2 13:38:40 localhost pluto[26053]: | setting sec: 1
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring unknown Vendor ID payload [5bXXXXXXXXXXXX]
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received Vendor ID payload [RFC 3947] method set to=109 
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received Vendor ID payload [Dead Peer Detection]
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received Vendor ID payload [XAUTH]
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: Aggressive mode peer ID is ID_FQDN: '@0006XXXXXXXX'
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Feb  2 13:38:40 localhost pluto[26053]: pluto_do_crypto: helper (0) is  exiting 
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: XAUTH: Answering XAUTH challenge with user='XXXXXX’
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received and ignored informational message
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: XAUTH: Successfully Authenticated
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #13: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE+IKEv2ALLOW {using isakmp#12 msgid:46f6c0a8 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}
Feb  2 13:38:40 localhost pluto[26053]: pluto_do_crypto: helper (0) is  exiting 
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Feb  2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received and ignored informational message
Feb  2 13:39:10 localhost pluto[26053]: "sonicwall" #12: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Feb  2 13:39:10 localhost pluto[26053]: "sonicwall" #12: received and ignored informational message
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #13: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no roposal
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #13: starting keying attempt 2 of an unlimited number, but releasing whack
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: initiating Aggressive Mode #14, connection "sonicwall"
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: pluto_do_crypto: helper (0) is  exiting 
Feb  2 13:39:50 localhost pluto[26053]: | setting sec: 1
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: ignoring unknown Vendor ID payload [5bXXXXXXXXXXXXXX]
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: received Vendor ID payload [RFC 3947] method set to=109 
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: received Vendor ID payload [Dead Peer Detection]
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: received Vendor ID payload [XAUTH]
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: Aggressive mode peer ID is ID_FQDN: '@0006XXXXXXXX'
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: pluto_do_crypto: helper (0) is  exiting 
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: XAUTH username requested, but no file descriptor available for prompt
Feb  2 13:39:50 localhost pluto[26053]: "sonicwall" #14: sending encrypted notification CERTIFICATE_UNAVAILABLE to XX.XX.XX.XX:4500 (IP address of my sonicwall router) 
Feb  2 13:43:56 localhost pluto[26053]: "sonicwall" #12: received Delete SA payload: deleting ISAKMP State #12
Feb  2 13:43:56 localhost pluto[26053]: packet from XX.XX.XX.XX:4500: received and ignored informational message
Feb  2 13:43:56 localhost pluto[26053]: packet from XX.XX.XX.XX:4500: ignoring informational payload, type INVALID_COOKIE on st==NULL (deleted?)
Feb  2 13:43:56 localhost pluto[26053]: packet from XX.XX.XX.XX:4500: received and ignored informational message
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120202/2e4b8ae9/attachment-0001.html>

More information about the Users mailing list