[strongSwan] Strongswan connection to Sonicwall Enhanced OS 4.x using IKEv2

Andreas Steffen andreas.steffen at strongswan.org
Wed Sep 15 08:32:29 CEST 2010

Hello Jack,

N(INVAL_SYN) is sometimes returned if the peer does not recognize or
support all crypto proposals. Have you tried to restrict it to simple
ones as e.g.


Do not forget to set the strict flag '!' so that only this suite is



On 09/14/2010 10:50 PM, Jack Omalley wrote:
> Has anyone gotten Strongswan to connect (using IKEv2) to a Sonicwall
> running Enhanced OS 4.x? I have spent several hours on this, and have
> gotten nowhere.
> I've got a stripped down config in a test environment, and when I try to
> make a connection, I get
> root at mercury:/home/user1# ipsec up home
> initiating IKE_SA home[1] to xx.xx.xx.xxx
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from[500] to xx.xx.xx.xxxx[500]
> received packet: from xx.xx.xx.xxx[500] to[500]
> parsed IKE_SA_INIT response 0 [ N(INVAL_SYN) ]
> received INVALID_SYNTAX notify error
> root at mercury:/home/user1#

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list