[Openswan Users] EC2 Instance trying to connect to Sonicwall via Openswan, not getting any IP and can't route

Leto letoams at gmail.com
Wed Jul 31 20:31:31 UTC 2013 

try adding forceencaps=yes 

sent from a tiny device 

On 2013-07-31, at 21:39, doug m <qrkyxboy at gmail.com> wrote:

> Working with a client and I'm thinking maybe the Sonicwall is at fault. I am trying to use the Linux instance to connect to the VPN via Sonicwall so it should be getting fed an IP from the 192.168.10.0/24 range but it gets nothing. It authenticates and is showing connected.
> 
> 004 "sonicwall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x9eb4577b <0xfde7e679 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> 
> But I notice this in ipsec auto --status:
> 
> 000 "sonicwall":     myip=unset; hisip=unset;
> 
> Here is the config:
> 
> config setup
>         virtual_private=virtual_private=%v4:192.168.10.0/24
>         nat_traversal=yes
>         oe=off
>         protostack=netkey
>         plutodebug=none
>         interfaces=%defaultroute
> conn sonicwall
>         type=tunnel
>         left=xxxxxxxxxxx.compute.amazonaws.com
>         leftnexthop=%defaultroute
>         leftsubnet=0.0.0.0/0.0.0.0
>         leftprotoport=17/1701
>         leftid=@GroupVPN
>         leftxauthclient=yes
>         leftxauthusername=XXXXXX
>         right=remote.server.com
>         rightsubnet=192.168.10.0/24
>         rightprotoport=17/0
>         rightxauthserver=yes
>         rightid=@XXXXXXXX  # The sonicwall's UID
>         pfs=no
>         aggrmode=yes
>         keyexchange=ike
>         auto=add
>         auth=esp
>         esp=3des-sha1
>         ike=3des-sha1-modp1024
>         ikelifetime=8h
>         authby=secret
>         rekey=no
> 
> Not sure what next steps are -- there isn't much I haven't tried, any suggestions?
> thanks-
> -doug
> 
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130731/edb0f40f/attachment.html>

More information about the Users mailing list