[strongSwan] can't connect to SonicWall VPN with strongSwan

Dave Schmidt someguyfromiowa at gmail.com
Tue Feb 13 06:33:05 CET 2018


Hello,
I am attempting to remotely connect my home computer to my employer's
intranet via their SonicWall NSA240. I have been able to easily connect
with Sonicwall's Global VPN client from Windows 7, but so far after about a
week of struggling I have not been able to connect from Ubuntu 16.04 with
strongSwan 5.6.1.

The Sonicwall is configured for IKEv1 using xauth-psk in Aggressive Mode.

My computer gets a DHCP public and private IP address from its cellular
hotspot connection.
My goal is to authenticate with the SonicWALL and then receive a
dynamically assigned virtual internal IP for my home computer. So far I
have only been able to complete IKE phase 1 with strongSwan, but not phase
2.

Hopefully the messages below will provide some clues. The last 7 lines are
always the same no matter the settings I try. If necessary I can share my
ipsec.conf file. I also have the config file for the Global VPN client from
Windows if that would help. The only change I made in charon.conf was to
uncomment the following line:
accept_unencrypted_mainmode_messages = yes

This is what I see in my terminal after 'sudo ipsec up test3' starting
after IKE phase 1:
XAuth authentication of '<userid>' (myself) successful
IKE_SA TEST3[1] established between
192.168.1.34[192.168.1.34]...xxx.xxx.xxx.xxx[yyyyyy]
scheduling reauthentication in 27855s
maximum IKE_SA lifetime 28395s
generating TRANSACTION response 1072426005 [ HASH CPA(X_STATUS) ]
sending packet: from 192.168.1.34[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
assigning new lease to 'yyyyyyy'
assigning virtual IP 10.1.30.1 to peer 'yyyyyyy'
generating TRANSACTION request 420617457 [ HASH CPS(ADDR) ]
sending packet: from 192.168.1.34[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
received packet: from xxx.xxx.xxx.xxx[4500] to 192.168.1.34[4500] (92 bytes)
parsed INFORMATIONAL_V1 request 2093927451 [ HASH D ]
received DELETE for IKE_SA TEST3[1]
deleting IKE_SA TEST3[1] between
192.168.1.34[192.168.1.34]...xxx.xxx.xxx.xxx[yyyyyyyyy]
initiating Aggressive Mode IKE_SA TEST3[2] to xxx.xxx.xxx.xxx
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 192.168.1.34[500] to xxx.xxx.xxx.xxx[500] (396 bytes)
establishing connection 'test3' failed

Thanks for any help! I didn't know anything about VPN/IPsec before last
week and still don't other than what I have learned from the strongSwan
documentation, so please bear with me.

Dave
-- 
GPG public key ID: 42AE9528
http://www.openpgp.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180212/f59bda9f/attachment.html>


More information about the Users mailing list