[strongSwan] StrongSwan to Sonicwall TZ180W
Chris Arnold
carnold at electrichendrix.com
Sun Apr 1 00:56:35 CEST 2012
Been at this all day trying different things to get a tunnel built. I have found a config for this exact thing on the internet and am trying to adapt it to my needs. Good news is I am making it to the sonicwall. Bad news is phase 1 fails:
255 03/31/2012 18:30:12.928 Error VPN IKE Payload processing failed stronswan.public.ip, 500 sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN; Payload Type: SA
256 03/31/2012 18:30:12.928 Warning VPN IKE IKE Responder: IKE proposal does not match (Phase 1) stronswan.public.ip, 500 sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN
257 03/31/2012 18:30:12.928 Warning VPN IKE IKE Responder: Phase 1 DH Group does not match stronswan.public.ip, 500 sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN; Local DH Group2; Peer DH Group5
258 03/31/2012 18:30:12.928 Info VPN IKE IKE Responder: Received Main Mode request (Phase 1) stronswan.public.ip, 500 sonicwall.public.ip, 500
Here's the sonicwall config:
Auth method=ike with psk
-IKE (Phase 1) Proposal
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time (seconds):
-Ipsec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy=no
DH Group: Group 1
Life Time (seconds):28800
Here's the ipsec.conf:
config setup
        plutodebug=all
        charonstart=yes
        plutostart=yes
        nat_traversal=yes

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=0

# Add connections here.
conn home
        type=tunnel
        auto=add
        authby=secret
        ike=3des-sha1-modp1536
        esp=3des-sha1
        pfs=no
        auth=esp
        keyexchange=ikev1
        left=aaa.bbb.ccc.ddd
        #leftnexthop=gateway ip address on roadwarrior side
        leftsubnet=aaa.bbb.ccc.0/24
        #leftid=aaa.bbb.ccc.ddd
        right=Sonicwall public address
        rightsubnet=xxx.yyy.zzz.0/24
        rightid=@Sonicwall Unique ID
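
Added example, not part of the original post: a small Python check that reads the responder's "Phase 1 DH Group does not match" log line, maps the posted ike= proposal's modp keyword to its IKE DH group number, and produces the proposal that matches the responder. The function names are hypothetical, the sample inputs are copied from the log and ipsec.conf above, and a single (not comma-separated) ike= proposal is assumed.

```python
import re

# IKE DH group numbers for strongSwan modp keywords (RFC 2409, RFC 3526).
MODP_TO_GROUP = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14,
                 "modp3072": 15, "modp4096": 16}
GROUP_TO_MODP = {g: k for k, g in MODP_TO_GROUP.items()}

# Constructed sample: the mismatch line from the log quoted in the post.
SAMPLE_LOG = ("257 03/31/2012 18:30:12.928 Warning VPN IKE IKE Responder: "
              "Phase 1 DH Group does not match stronswan.public.ip, 500 "
              "sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN; "
              "Local DH Group2; Peer DH Group5")
SAMPLE_IKE = "3des-sha1-modp1536"   # ike= value from the posted ipsec.conf

MISMATCH_RE = re.compile(r"Local DH Group\s*(\d+);\s*Peer DH Group\s*(\d+)")

def parse_mismatch(log_line):
    """Return (responder_group, initiator_group), or None for other log lines."""
    m = MISMATCH_RE.search(log_line)
    return (int(m.group(1)), int(m.group(2))) if m else None

def dh_group_of(ike):
    """Return the DH group number named in an ike= proposal, or None if absent."""
    for token in ike.rstrip("!").split("-"):
        if token in MODP_TO_GROUP:
            return MODP_TO_GROUP[token]
    return None

def suggest_ike(ike, log_line):
    """Rewrite ike= so its DH group is the one the responder logged as local."""
    groups = parse_mismatch(log_line)
    if groups is None:
        return ike                      # not a DH mismatch line: leave unchanged
    local = groups[0]
    if local not in GROUP_TO_MODP:
        raise ValueError(f"no modp keyword known for DH group {local}")
    strict = "!" if ike.endswith("!") else ""   # keep strongSwan's strict flag
    tokens = [t for t in ike.rstrip("!").split("-") if t not in MODP_TO_GROUP]
    return "-".join(tokens + [GROUP_TO_MODP[local]]) + strict

if __name__ == "__main__":
    print("ike= offers DH group", dh_group_of(SAMPLE_IKE))
    print("log says (local, peer) =", parse_mismatch(SAMPLE_LOG))
    print("matching proposal: ike=" + suggest_ike(SAMPLE_IKE, SAMPLE_LOG))
```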