[Openswan Users] SonicOs Enhanced - Default Group VPN and OpenSwan
Davide Fanciola
dfanciola at gmail.com
Mon Jun 10 13:06:46 UTC 2013
Hi,
we are using a SonicWall box with the default GroupVPN setup and the
internal DHCP is used to configure VPN clients addresses. We are not
using L2TP, just the internal DHCP that comes with the SonicWall.
I've managed to configure OpenSwan to connect and access the VPN
networks, but I cannot get the DHCP part to work.
The problem I have is that when I access VPN resources, my source IP is
unchanged (same as in my LAN) and I would like to be seen as a "VPN DHCP
Client" on the other side.
Here is the config I'm using now:
********************
config setup
    nat_traversal=yes
    oe=off
    protostack=netkey
    interfaces=%defaultroute

conn sonicwall
    type=tunnel
    left=%defaultroute
    leftid=@GroupVPN
    leftxauthclient=yes
    leftxauthusername=<USERNAME>
    right=<SONIC_IP>
    rightid=@<SONIC_ID>
    rightsubnet=172.16.0.0/23
    rightxauthserver=yes
    modecfgpull=yes
    keyingtries=0
    pfs=no
    aggrmode=yes
    keyexchange=ike
    auto=add
    auth=esp
    ike=3des-sha1
    phase2alg=3des-sha1
    authby=secret
********************
I've tried to add "rightmodecfgserver=yes" and "leftmodecfgclient=yes"
but with no success. Changing modecfgpull from yes to no has no effect
on the actual configuration.
I've also tried to set "leftsubnet=172.16.0.101/32" but despite being
able to connect without apparent errors (SonicWall logs agree) packets
are not routed correctly.
Also tried to add leftnexthop and leftsourceip with various combinations
but still no luck.
Maybe after all what I'm trying to do is not supported, the docs I've
found on the SonicWall (ehm... Dell) web site are suggesting this kind of
configuration anyway.
Does anyone know if it's possible to make OpenSwan get the network
configuration from a SonicWall VPN? What would be a correct
configuration for that case?
Thanks in advance,
Cheers,
Davide