[Openswan Users] Cannot connect to SonicWall VPN
Stuart Oppery
Stuart.Oppery at simulation-systems.co.uk
Thu Feb 2 09:09:12 EST 2012
Hi All,
I am trying to connect to a VPN using IPSec, but have had problems connecting. I have a Windows-based SonicWall Global VPN client program that will connect to the SonicWall router. I have tried to replicate these details in the ipsec.conf as below:
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=auto
    interfaces="ipsec0=eth0"

conn sonicwall
    type=tunnel
    left=172.16.XX.XX               # my IP
    leftnexthop=172.16.255.255      # my gateway
    leftid=@GroupVPN
    leftxauthclient=yes
    right=XX.XX.XX.XX               # IP address of my sonicwall router
    rightsubnet=XX.XX.XX.XX/24      # gateway IP of my LAN
    rightxauthserver=yes
    rightid=@0006XXXXXXXX
    keyingtries=0
    keyexchange=ike
    pfs=no
    aggrmode=yes
    auto=add
    auth=esp
    esp=aes256-sha1
    ike=aes256-sha1-modp1024
    authby=secret
Below is the output given when running the command "ipsec whack --listen --name sonicwall --initiate --xauthname XXXXXX --xauthpass XXXXXX". Seems as though it fails on the second phase auth and I am unsure what else to try.
It has taken me a few days to get this far so any help would be much appreciated.
Many thanks,
Stuart
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: initiating Aggressive Mode #12, connection "sonicwall"
Feb 2 13:38:40 localhost pluto[26053]: pluto_do_crypto: helper (0) is exiting
Feb 2 13:38:40 localhost pluto[26053]: | setting sec: 1
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring unknown Vendor ID payload [5bXXXXXXXXXXXX]
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received Vendor ID payload [RFC 3947] method set to=109
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received Vendor ID payload [Dead Peer Detection]
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received Vendor ID payload [XAUTH]
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: Aggressive mode peer ID is ID_FQDN: '@0006XXXXXXXX'
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Feb 2 13:38:40 localhost pluto[26053]: pluto_do_crypto: helper (0) is exiting
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: XAUTH: Answering XAUTH challenge with user='XXXXXX'
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received and ignored informational message
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: XAUTH: Successfully Authenticated
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #13: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE+IKEv2ALLOW {using isakmp#12 msgid:46f6c0a8 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}
Feb 2 13:38:40 localhost pluto[26053]: pluto_do_crypto: helper (0) is exiting
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: received and ignored informational message
Feb 2 13:39:10 localhost pluto[26053]: "sonicwall" #12: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Feb 2 13:39:10 localhost pluto[26053]: "sonicwall" #12: received and ignored informational message
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #13: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #13: starting keying attempt 2 of an unlimited number, but releasing whack
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: initiating Aggressive Mode #14, connection "sonicwall"
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: pluto_do_crypto: helper (0) is exiting
Feb 2 13:39:50 localhost pluto[26053]: | setting sec: 1
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: ignoring unknown Vendor ID payload [5bXXXXXXXXXXXXXX]
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: received Vendor ID payload [RFC 3947] method set to=109
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: received Vendor ID payload [Dead Peer Detection]
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: received Vendor ID payload [XAUTH]
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: Aggressive mode peer ID is ID_FQDN: '@0006XXXXXXXX'
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: pluto_do_crypto: helper (0) is exiting
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: XAUTH username requested, but no file descriptor available for prompt
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: sending encrypted notification CERTIFICATE_UNAVAILABLE to XX.XX.XX.XX:4500 (IP address of my sonicwall router)
Feb 2 13:43:56 localhost pluto[26053]: "sonicwall" #12: received Delete SA payload: deleting ISAKMP State #12
Feb 2 13:43:56 localhost pluto[26053]: packet from XX.XX.XX.XX:4500: received and ignored informational message
Feb 2 13:43:56 localhost pluto[26053]: packet from XX.XX.XX.XX:4500: ignoring informational payload, type INVALID_COOKIE on st==NULL (deleted?)
Feb 2 13:43:56 localhost pluto[26053]: packet from XX.XX.XX.XX:4500: received and ignored informational message
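
Added example, not part of the original post and not Openswan code: a small Python triage over pluto log lines in the format shown above, grouping events per ISAKMP SA to report the stage each attempt reached. The sample lines are abridged from the post. The verdict strings, the assumption that the connection uses XAUTH, and the reading of INVALID_ID_INFORMATION after a Quick Mode request as the peer refusing the proposed IDs/subnets are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, abridged from the log lines in the post (placeholders kept).
SAMPLE_LOG = """\
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: XAUTH: Successfully Authenticated
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #13: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE+IKEv2ALLOW {using isakmp#12 msgid:46f6c0a8 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}
Feb 2 13:38:40 localhost pluto[26053]: "sonicwall" #12: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #13: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Feb 2 13:39:50 localhost pluto[26053]: "sonicwall" #14: XAUTH username requested, but no file descriptor available for prompt
"""
LINE = re.compile(r'pluto\[\d+\]: "([^"]+)" #(\d+): (.*)')
MARKERS = {"ISAKMP SA established": "phase1", "XAUTH: Successfully Authenticated": "xauth",
           "reached STATE_QUICK_I1": "quick_timeout", "IPsec SA established": "phase2"}

def triage(log_text):
    """Return {isakmp_sa_number: verdict} for each IKE attempt in a pluto log."""
    events = defaultdict(set)        # ISAKMP SA -> milestones seen
    notifies = defaultdict(Counter)  # ISAKMP SA -> notify types received
    parent = {}                      # Quick Mode SA -> ISAKMP SA carrying it
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sa, msg = int(m.group(2)), m.group(3)
        if q := re.search(r"initiating Quick Mode .*using isakmp#(\d+)", msg):
            parent[sa] = int(q.group(1))
            events[parent[sa]].add("quick_sent")
            continue
        sa = parent.get(sa, sa)      # fold Quick Mode events into their ISAKMP SA
        for text, name in MARKERS.items():
            if text in msg:
                events[sa].add(name)
        if n := re.search(r"informational payload, type (\w+)", msg):
            notifies[sa][n.group(1)] += 1
    return {sa: verdict(ev, notifies[sa]) for sa, ev in sorted(events.items())}

def verdict(ev, notes):
    if "phase1" not in ev:
        return "phase 1 not established"
    if "xauth" not in ev:            # assumption: the connection uses XAUTH
        return "phase 1 up, XAUTH not completed"
    if "phase2" in ev:
        return "tunnel up"
    if "quick_timeout" in ev and notes["INVALID_ID_INFORMATION"]:
        return "phase 2 rejected: peer refused the proposed IDs/subnets"
    return "phase 2 incomplete"
```

On the sample, attempt #12 gets as far as Quick Mode before the peer's INVALID_ID_INFORMATION notifies and the retransmission timeout, while retry #14 stalls at XAUTH because whack has already been released.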