[Openswan Users] SonicOs Enhanced - Default Group VPN and OpenSwan

Davide Fanciola dfanciola at gmail.com
Mon Jun 10 13:06:46 UTC 2013


Hi,

we are using a SonicWall box with the default GroupVPN setup and the
internal DHCP is used to configure VPN clients' addresses. We are not
using L2TP, just the internal DHCP that comes with the SonicWall.

I've managed to configure OpenSwan to connect and access the VPN
networks, but I cannot get the DHCP part to work.
The problem I have is that when I access VPN resources, my source IP is
unchanged (same as in my LAN) and I would like to be seen as a "VPN DHCP
Client" on the other side.

Here is the config I'm using now:

********************
config setup
    nat_traversal=yes
    oe=off
    protostack=netkey
    interfaces=%defaultroute

conn sonicwall
    type=tunnel
    left=%defaultroute
    leftid=@GroupVPN
    leftxauthclient=yes
    leftxauthusername=<USERNAME>
    right=<SONIC_IP>
    rightid=@<SONIC_ID>
    rightsubnet=172.16.0.0/23
    rightxauthserver=yes
    modecfgpull=yes
    keyingtries=0
    pfs=no
    aggrmode=yes
    keyexchange=ike
    auto=add
    auth=esp
    ike=3des-sha1
    phase2alg=3des-sha1
    authby=secret
********************


I've tried to add "rightmodecfgserver=yes" and "leftmodecfgclient=yes"
but with no success. Changing modecfgpull from yes to no has no effect
on the actual configuration.

I've also tried to set "leftsubnet=172.16.0.101/32" but, despite being
able to connect without apparent errors (SonicWall logs agree), packets
are not routed correctly.
I also tried to add leftnexthop and leftsourceip with various combinations
but still no luck.

Maybe, after all, what I'm trying to do is not supported; the docs I've
found on the SonicWall (ehm... Dell) web site are suggesting this kind of
configuration anyway.

Does anyone know if it's possible to make OpenSwan get the network
configuration from a SonicWall VPN? What would be a correct
configuration for that case?

Thanks in advance,

Cheers,
Davide


