[strongSwan] StrongSwan to Sonicwall TZ180W

Andreas Steffen andreas.steffen at strongswan.org
Sun Apr 1 10:27:22 CEST 2012


DH Group 2 is modp1024 which you should set in ipsec.conf
in place of modp1536.

Regards

Andreas

On 04/01/2012 12:56 AM, Chris Arnold wrote:
> Been at this all day trying different things to get a tunnel built. I have found a config for this exact thing on the internet and am trying to adapt it to my needs. Good news is I am making it to the sonicwall. Bad news is phase 1 fails:
> 255 03/31/2012 18:30:12.928 Error VPN IKE Payload processing failed stronswan.public.ip, 500 sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN; Payload Type: SA   
> 256 03/31/2012 18:30:12.928 Warning VPN IKE IKE Responder: IKE proposal does not match (Phase 1) stronswan.public.ip, 500 sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN   
> 257 03/31/2012 18:30:12.928 Warning VPN IKE IKE Responder: Phase 1 DH Group does not match stronswan.public.ip, 500 sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN; Local DH Group2; Peer DH Group5   
> 258 03/31/2012 18:30:12.928 Info VPN IKE IKE Responder: Received Main Mode request (Phase 1) stronswan.public.ip, 500 sonicwall.public.ip, 500
> 
> Here's the sonicwall config:
> Auth method=ike with psk
> -IKE (Phase 1) Proposal 
> DH Group:  Group 2  
> Encryption:   3DES  
> Authentication:   SHA1  
> Life Time (seconds):   
> 
> -Ipsec (Phase 2) Proposal 
> Protocol:  ESP  
> Encryption:  3DES  
> Authentication:  SHA1  
> Enable Perfect Forward Secrecy=no  
> DH Group:  Group 1  
> Life Time (seconds):28800
> 
> 
> Here's the ipsec.conf:
> config setup
>         plutodebug=all
>         charonstart=yes
>         plutostart=yes
>         nat_traversal=yes
> 
> 
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=0
> 
> 
> # Add connections here.
> 
> conn home
>         type=tunnel
>         auto=add
>         authby=secret
>         ike=3des-sha1-modp1536
>         esp=3des-sha1
>         pfs=no
>         auth=esp
>         keyexchange=ikev1
>         left=aaa.bbb.ccc.ddd
>         #leftnexthop=gateway ip address on roadwarrior side
>         leftsubnet=aaa.bbb.ccc.0/24
>         #leftid=aaa.bbb.ccc.ddd
>         right=Sonicwall public address
>         rightsubnet=xxx.yyy.zzz.0/24
>         rightid=@Sonicwall Unique ID
> 


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
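
The group-number-to-keyword mapping behind the reply above, as an added example that is not part of the original thread or strongSwan's own code: it reads the responder's "DH Group does not match" log line and rewrites an `ike=` value to the group the responder expects. The function names and the assumed log layout are illustrative.

```python
import re

# IKE DH group numbers (RFC 2409 / RFC 3526) and the matching strongSwan keywords.
DH_GROUP_TO_MODP = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048",
                    15: "modp3072", 16: "modp4096", 17: "modp6144", 18: "modp8192"}
MODP_TO_DH_GROUP = {name: num for num, name in DH_GROUP_TO_MODP.items()}

# Assumed log layout: "...; Local DH Group<N>; Peer DH Group<M>", as in quoted line 257.
MISMATCH_RE = re.compile(r"Local DH Group\s*(\d+);\s*Peer DH Group\s*(\d+)")

# Log line copied from the quoted message (hostnames are the poster's placeholders).
SAMPLE_LOG = ("257 03/31/2012 18:30:12.928 Warning VPN IKE IKE Responder: "
              "Phase 1 DH Group does not match stronswan.public.ip, 500 "
              "sonicwall.public.ip, 500 VPN Policy: WAN GroupVPN; "
              "Local DH Group2; Peer DH Group5")


def parse_mismatch(log_line):
    """Return (responder_group, initiator_group), or None if not a DH mismatch line."""
    m = MISMATCH_RE.search(log_line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def corrected_ike(ike_value, log_line):
    """Rewrite an ipsec.conf ike= value so its DH group matches the responder's."""
    groups = parse_mismatch(log_line)
    if groups is None:
        return ike_value                      # nothing to fix
    local, peer = groups
    if local not in DH_GROUP_TO_MODP:
        raise ValueError(f"no modp keyword known for DH group {local}")
    wanted = DH_GROUP_TO_MODP[local]
    strict = ike_value.endswith("!")          # trailing "!" is the strict-proposal flag
    fixed = []
    for proposal in ike_value.rstrip("!").split(","):
        # Swap only the DH token the responder rejected; keep cipher and hash as-is.
        tokens = [wanted if MODP_TO_DH_GROUP.get(t) == peer else t
                  for t in proposal.split("-")]
        fixed.append("-".join(tokens))
    return ",".join(fixed) + ("!" if strict else "")


if __name__ == "__main__":
    print(parse_mismatch(SAMPLE_LOG))                        # (2, 5)
    print("ike=" + corrected_ike("3des-sha1-modp1536", SAMPLE_LOG))
```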