Solved

A problem to properly connect openSWAN to Sonicwall VPN server

Posted on 2013-10-26
Last Modified: 2013-12-28
The question is related to this one.

Our office has the SonicWall TZ 170 hardware firewall/VPN server.
My home machine is Debian GNU/Linux v7. I use the OpenSWAN package to connect to the VPN.

The problem is as follows:
I have to switch the VPN policy "Allow connection to" on the VPN server to "All Secured Gateways" in order to get my Linux box connected. But that's not good, because all the other Windows-based VPN clients claim they have access only to the office network; the internet connection is forbidden for them during their VPN session (the "Allow connection to" setting should be "Split Tunnels" to let them access the internet during a VPN session).
If I connect when "Split Tunnels" is set, then no error is given, but no office node is reachable.

I also tried checking "Set Default Route as this Gateway" and specifying the address in "Default LAN Gateway" (on the advanced tab of the TZ170's VPN policy page) to at least get internet access via the VPN tunnel, but in this case I cannot connect at all.

Attached are the screenshot of the VPN policy editor, the ipsec.conf file, the log that I see on a successful connection, and the log with "Split Tunnels" (no differences though).

This is how I establish the connection:
ipsec setup --start
sleep 8
ipsec whack --listen
sleep 8
ipsec whack --name sonicwall --initiate


This is a help page for the server's VPN policy:
http://help.mysonicwall.com/sw/eng/705/ui2/23100/VPN/VPN_Policy_GroupVPN_IKE_Preshared_Secret.htm
vpn1.png
ipsec.conf.txt
good.log
bad.log
Question by:zc2
Accepted Solution

by: zc2
ID: 39619333
Found a good guide:
http://www.golinuxhub.com/2012/10/openswan-configuration-on-red-hat-5-for.html

Following the guide made the VPN work.

The key changes:
1) /proc/sys/net/ipv4/ip_forward has to contain 1 (configured in /etc/sysctl.conf)
2) regenerated the site private key by executing
ipsec newhostkey --output /etc/ipsec.secrets --bits 2048 --verbose
(with restoring the @GroupVPN @xxxxxxxxxxx : PSK "Pre Shared Key" string)
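
A preflight check for the two changes listed in the accepted solution, as an added example that is not part of the original post or the linked guide. The function names are hypothetical; the file paths and the @GroupVPN ID are the ones shown in the answer, and the permission check on the secrets file is an added assumption about how that file should be protected.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are parameters so the
# checks can be run against copies; defaults are the paths named in the answer.

# Change 1 (runtime): the flag file must hold exactly "1".
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Change 1 (persistent): the last uncommented assignment in sysctl.conf wins.
forwarding_persisted() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "${1:-/etc/sysctl.conf}" | tail -n 1)
    [ "$val" = "1" ]
}

# Change 2: after newhostkey rewrites the file, an uncommented PSK entry for
# the given ID must still be there. The secret itself is never printed.
psk_present() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -E ':[[:space:]]*PSK[[:space:]]+"[^"]+"' |
        grep -Fq -- "$2"
}

# The secrets file holds the PSK and the private key: no group/other access.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; the ID defaults to the @GroupVPN name shown in the answer.
preflight() {
    secrets="${1:-/etc/ipsec.secrets}"; id="${2:-@GroupVPN}"; rc=0
    forwarding_enabled   || { echo "FAIL: ip_forward is not 1"; rc=1; }
    forwarding_persisted || { echo "FAIL: ip_forward not set in sysctl.conf"; rc=1; }
    psk_present "$secrets" "$id" || { echo "FAIL: no PSK entry for $id"; rc=1; }
    secrets_private "$secrets"   || { echo "FAIL: $secrets readable by group/other"; rc=1; }
    return "$rc"
}

# Only runs the checks when asked to: sh preflight.sh --run [secrets] [id]
if [ "${1:-}" = "--run" ]; then preflight "${2:-}" "${3:-}"; fi
```

Run it as root with `--run` before `ipsec setup --start`; a non-zero exit status means at least one of the checks failed.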
Question has a verified solution.
