full of … these

openswan and sonicwall vpn tunnel

Posted: October 1st, 2009 | Filed under: howto, linux

Two years ago I wrote an article about connecting openswan to checkpoint.

Here is a new example of connecting openswan to a sonicwall device.

ipsec.conf:

conn sonicwall
    type=tunnel
    # left=%defaultroute
    left=serverip
    leftsubnet=10.0.0.0/24
    leftid=@macofserver #same on both ends
    # leftxauthclient=yes
    right=ipfosonicdevice
    rightsubnet=192.168.0.0/24
    # rightxauthserver=yes
    rightid=@macsonicwall #add it as optional on the sonicwall interface
    keyingtries=0
    pfs=no
    aggrmode=yes
    auto=add
    auth=esp
    keyexchange=ike
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
    # xauth=yes

ipsec.secrets:
@macofserver @macsonicwall : PSK "sasgSFgdasfg"

Start/Stop/Debugging:

ipsec setup --start
ipsec setup --stop
ipsec setup --restart

#after changes are made apply them
ipsec auto --replace sonicwall

#when debugging, it exits when it works
ipsec whack --name sonicwall --initiate

#after it works
ipsec auto --up sonicwall

Debug for phase1 and 2:
tcpdump -i eth0:0 host ipfosonicdevice
Logs:
tail -f /var/log/secure

References:
http://www.pelagodesign.com/blog/2009/05/18/ubuntu-linux-how-to-setup-a-vpn-connection-to-a-sonicwall-router-using-openswan-and-pre-shared-keys-psk/
http://www.sonicwall.com/downloads/SonicOS_Enhanced_to_Openswan_Using_GroupVPN_with_XAUTH.pdf
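
An added example, not part of the original post: a small Python check that parses the conn sections of an ipsec.conf and flags the settings in the sonicwall connection that weaken the tunnel (aggressive mode with a PSK, pfs=no, 3DES/SHA1 proposals). The sample text is constructed from the two configs on this page; the function names and the WEAK_ALGS policy are assumptions of this example.

```python
import re

# Constructed sample: both conn sections from this page, abridged, placeholders kept.
SAMPLE_CONF = """\
conn sonicwall
    leftid=@macofserver #same on both ends
    pfs=no
    aggrmode=yes
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
conn chkpnt
    authby=secret
    pfs=yes
"""
WEAK_ALGS = {"des", "3des", "md5", "sha1"}  # this example's policy, an assumption

def parse_conns(text):  # returns {conn name: {option: value}}
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # strip comments
        if not line:
            continue
        if not line[0].isspace():  # an unindented line opens a new section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit_conn(opts):  # returns the list of findings for one conn's options
    findings = []
    if opts.get("aggrmode") == "yes" and opts.get("authby") == "secret":
        findings.append("aggrmode=yes with PSK: a PSK-derived hash is sent in the clear")
    if opts.get("pfs") == "no":
        findings.append("pfs=no: phase 2 keys derive from phase 1 keying material")
    for key in ("ike", "esp"):
        weak = sorted(set(re.split(r"[-,;\s]+", opts.get(key, "").lower())) & WEAK_ALGS)
        if weak:
            findings.append(f"{key}={opts[key]}: legacy algorithm(s) {', '.join(weak)}")
    return findings

def audit_text(text):
    return {name: audit_conn(opts) for name, opts in parse_conns(text).items()}

if __name__ == "__main__":
    print(audit_text(SAMPLE_CONF))
```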


openswan & checkpoint vpn & PSK pre-shared key

Posted: November 12th, 2007 | Filed under: howto, linux

Here is how I managed to successfully connect to a hardware vpn device using openswan and opensuse:

conn chkpnt
    authby=secret
    pfs=yes
    keyexchange=ike
    left=your.ip
    right=vpn's.ip
    auto=start

Easy…:)

/etc/init.d/ipsec restart


Check status and debug with:
ipsec auto --status
ipsec barf

Update:

Add: rightsubnet=ips.behind.vpn.box to get in touch with the remote network.