[Openswan Users] General Guidance - Connecting to Sonicwall Global VPn

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Jun 13 11:30:31 EDT 2014

I don't use Ubuntu, I use Fedora. This will change the GUI interface 
available for OpenSWAN.  Which doesn't work properly in Fedora anyway so 
I have to do everything via command line.

The sonicwall windows client uses IPSec Tunnel with xauth 
authentication.   The client config file that you export from the 
Sonicwall appliance includes the PSK and other parameters.     You can 
use openswan to configure an equivalent type of connection, but you do 
need to know  the PSK, encryption settings, and group name.   Unlike the 
windows client, a virtual NIC is not used, so you may also have to tweek 
some routing/forwarding options  on the linux machines.

The alternate approach used by the sonicwall is an 
L2TP-tunnel-over-IPSec-transport, if enabled on the sonicwall. The GUI 
may work better with this-  but I think it is also using openswan or 
libreswan in the background.  This will provide a virtual NIC on the 
client.     This is same approach used by the IPSec VPN client support 
native in MS  windows.

A few tech savvy people at my work use Openswan for the VPN 
client.        But it turns out to be such a PITA that we found for some 
people it was simpler to purchase a Sonicwall TZ105 for some remote 
users, and just configure a site-to-site link.

On 06/12/14 20:52, Mark Newnham wrote:
> I am wondering if it is possible to connect an Ubuntu 14 system to a 
> Sonicwall Global VPN server under the following circumstances:
> The connection, when done under Windows is the simplest possible when 
> using the Sonicwall Windows Client software:
> 1. Run the microsoft installer
> 2. Enter the server name
> 3. When prompted, enter the user name and password.
> There are no shared keys, group passwords or any other configurations 
> required.
> The system I am connecting to is run by a third party, so I have no 
> access to configuration settings. The local client has a DHCP 
> allocatted IP address and its internet connection is NAT'd through an 
> Astaro firewall.
> Mark
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20140613/02dac062/attachment.html>

More information about the Users mailing list