[strongSwan] Strongswan connection to Sonicwall Enhanced OS 4.x using IKEv2
Andreas Steffen
andreas.steffen at strongswan.org
Wed Sep 15 08:32:29 CEST 2010
Hello Jack,
N(INVAL_SYN) is sometimes returned if the peer does not recognize or
support all crypto proposals. Have you tried to restrict it to simple
ones as e.g.
ike=aes128-sha1-modp2048!
Do not forget to set the strict flag '!' so that only this suite is
proposed.
Regards
Andreas
On 09/14/2010 10:50 PM, Jack Omalley wrote:
> Has anyone gotten Strongswan to connect (using IKEv2) to a Sonicwall
> running Enhanced OS 4.x? I have spent several hours on this, and have
> gotten nowhere.
>
> I've got a stripped down config in a test environment, and when I try to
> make a connection, I get
>
>
> root at mercury:/home/user1# ipsec up home
> initiating IKE_SA home[1] to xx.xx.xx.xxx
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 192.168.5.209[500] to xx.xx.xx.xxxx[500]
> received packet: from xx.xx.xx.xxx[500] to 192.168.5.209[500]
> parsed IKE_SA_INIT response 0 [ N(INVAL_SYN) ]
> received INVALID_SYNTAX notify error
> root at mercury:/home/user1#
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list