<div dir="ltr"><div class="gmail_default" style="font-family:'courier new',monospace">Hi Tobias,</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">thanks for your help. I just did and uninstall and install without options, using same conf files, but with other internet provider, and now it works as espected, in the second attempt.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Looks like the ipsec trafic was not allowed in that spot.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">I didn't need to use leftsourceip=%config, since in the sonicwall profile we use the option "Virtual adapter settings: DHCP Lease or Manual Configuration".</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">I'll like to congratulate all of you for your effort. </div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">I have the same conn configuration running in RHEL 6, centOS 6, openSUSE 13.2, ubuntu 14.4 and OSX 10.10. The only diference is that in ubuntu and opensuse, our rigthid that uses espaces have to be "double quoted", because it runs version 5.1.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Now I'm trying iOS and Android ;-)</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Thanks again.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">--<br></div><div class="gmail_extra"><div><div class="gmail_signature"><div dir="ltr"><div><font face="courier new, monospace">Alejandro Valcarcel Garcia<br>Responsable de sistemas y comunicaciones<br>ODEC - Construimos Soluciones<br><br><a href="mailto:avalcarcel@odec.es" target="_blank">avalcarcel@odec.es</a> - <a href="http://www.odec.es" target="_blank">http://www.odec.es</a> - Calle Vicent Macip, 1 (46701) Gandia SPAIN - T: +34 962 860 466 ext 1292 - M: +34 699 679 435</font></div></div></div></div>
<br><div class="gmail_quote">2015-02-24 15:02 GMT+01:00 Tobias Brunner <span dir="ltr"><<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi Alejandro,<br>
<span class=""><br>
> brew install strongswan --with-curl --with-suite-b<br>
<br>
</span>If you use `--with-suite-b` our own userland IPsec implementation will<br>
be used instead of the kernel's via PF_KEY. So you won't see any output<br>
in `setkey -D` (also you'd have to run that command as superuser with sudo).<br>
<span class=""><br>
> parsed INFORMATIONAL_V1 request 2418823313 [ HASH N(INITIAL_CONTACT) ]<br>
> configuration payload missing in XAuth request<br>
</span>> ...<br>
<span class="">> The tunnel is stablished OK always in the second try, sonicwalls asks<br>
> twice for the username and password.<br>
<br>
</span>Looks like Sonicwall sends an INITIAL_CONTACT in an INFORMATIONAL<br>
exchange during the XAuth exchange (and even though it is the server).<br>
Apparently, charon has trouble handling this properly. In the second<br>
try the Sonicwall perhaps still has the state from the first attempt<br>
around and therefore does not send the notify.<br>
<span class=""><br>
> But once stablished no packets are arriving to the VPN Server.<br>
<br>
</span>You might need to request a virtual IP address [1] from the server using<br>
`leftsourceip=%config`, which is usually the case in remote access<br>
scenarios.<br>
<br>
Regards,<br>
Tobias<br>
<br>
[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp</a><br>
<br>
</blockquote></div><br></div></div>