[strongSwan] StrongSWAN 5.3.5 <-> Dell Sonicwall showing multiple connections

Mahesh Neelakanta neelakanta at gmail.com
Mon Nov 21 22:55:20 CET 2016


I am trying to set up an IKEv2 VPN connection between a strongSwan 5.3.5
system and a Dell SonicWall. In doing so, it seems like the strongSwan side
sees the connection as up but the SonicWall side does not. Furthermore, the
statusall output shows what looks like a second connection/tunnel trying to
be established.

Any ideas/suggestions appreciated. Logs are large so I've put them on
pastebin.

*Log output (level 2)*

http://pastebin.com/mZEkRTTp

*Config*

config setup
   uniqueids=no

conn %default
   left=%defaultroute
   leftid=51.15.85.15
   keyingtries=%forever
   keyexchange=ikev1
   type=tunnel
   compress=no
   authby=secret
   auto=start
   dpdaction=none

conn vpn-basf-prd  #NOAUTO
   leftsubnet=51.76.21.161/32   # enterprise-mirth-01
   right=191.25.81.121
   rightid=191.25.81.121
   rightsubnet=10.10.10.105/32
   ike=aes256-sha1-modp1024
   esp=aes256-sha1-modp1024
   keyexchange=ikev2
   ikelifetime=86400s
   keylife=28800s


*ipsec statusall output*

vpn-basf-prd:  %any...191.25.81.121  IKEv2
vpn-basf-prd:   local:  [51.15.85.15] uses pre-shared key authentication
vpn-basf-prd:   remote: [191.25.81.121] uses pre-shared key authentication
vpn-basf-prd:   child:  51.76.21.161/32 === 10.10.10.105/32 TUNNEL
vpn-basf-prd[73]: ESTABLISHED 2 seconds ago, 10.20.1.18[51.15.85.15]...191.25.81.121[191.25.81.121]
vpn-basf-prd[73]: IKEv2 SPIs: 41cb5d5c3cb88170_i 51f00949b54db925_r*, pre-shared key reauthentication in 23 hours
vpn-basf-prd[73]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
vpn-basf-prd{141}:  INSTALLED, TUNNEL, reqid 128, ESP in UDP SPIs: cb81da30_i 84d00d14_o
vpn-basf-prd{141}:  AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 168 bytes_o (2 pkts, 1s ago), rekeying in 7 hours
vpn-basf-prd{141}:   51.76.21.161/32 === 10.10.10.105/32
vpn-basf-prd[19]: CONNECTING, 10.20.1.18[51.15.85.15]...191.25.81.121[191.25.81.121]
vpn-basf-prd[19]: IKEv2 SPIs: 5e925fa468fc0409_i* f367cd479c87f8a7_r
vpn-basf-prd[19]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
vpn-basf-prd[19]: Tasks active: IKE_CERT_PRE IKE_AUTH IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIK