Problem to make a VPN from Linux to Sonicwall

I need help to establish a VPN connection from my home Linux box (Debian 10) to office's SonicWall TZ300 using strongswan ipsec.
Here are my config files:

/etc/ipsec.conf
conn GroupVPN
        auto=add
        left=%any
        leftid=@GroupVPN
        leftsourceip=%config4
        leftsubnet=192.168.1.2/32
        leftfirewall=yes

        right=<SW_IPaddress>
        rightid=@<UniqueFirewallIdentifier>
        rightsubnet=10.0.0.0/24

        keyexchange=ikev1
        keyingtries=0
# aggressive=yes disabled by default when auth by PSK. It's enabled by setting
# charon.i_dont_care_about_security_and_use_aggressive_mode_psk=yes in strongswan.conf
# see https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Aggressive-Mode
        aggressive=yes
# see https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
        ike=3des-sha1-modp1536!
        esp=3des-sha1-modp1536!
        authby=xauthpsk
        xauth_identity=<MyUserName>
        ikelifetime=8h

#include /var/lib/strongswan/ipsec.conf.inc

/etc/ipsec.secret
#include /var/lib/strongswan/ipsec.secrets.inc

@GroupVPN @<UniqueFirewallIdentifier> : PSK <SharedSecret>
<MyUserName> : XAUTH "<MyUserPassword>"

# ipsec statusall
Status of IKE charon daemon (weakSwan 5.7.2, Linux 4.19.75+, armv6l):
  uptime: 2 seconds, since Jan 28 19:02:33 2020
  malloc: sbrk 811008, mmap 0, used 468032, free 342976
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
Listening IP addresses:
  192.168.1.2
Connections:
    GroupVPN:  %any...<SW_IPaddress>  IKEv1 Aggressive
    GroupVPN:   local:  [GroupVPN] uses pre-shared key authentication
    GroupVPN:   local:  [GroupVPN] uses XAuth authentication: any with XAuth identity '<MyUserName>'
    GroupVPN:   remote: [<UniqueFirewallIdentifier>] uses pre-shared key authentication
    GroupVPN:   child:  192.168.1.2/32 === 10.0.0.0/24 TUNNEL
Security Associations (0 up, 0 connecting):
  none

GroupVPN policy/AdvancedVPN/Advanced Settings

From SonicWall log (most recent at the top):
12:55:21 Jan 28	403	VPN	Inform	IKE negotiation aborted due to Timeout	                            <SW_IPaddress>, 4500	<SW_IPaddress>, 4500	udp	VPN Policy: WAN GroupVPN	
12:54:45 Jan 28	931	VPN	Inform	IKE Responder: Remote party Timeout - Retransmitting IKE Request.	<SW_IPaddress>, 4500	   <MyHomePublicIPaddress>, 4500	udp	VPN Policy: WAN GroupVPN	
12:54:28 Jan 28	931	VPN	Inform	IKE Responder: Remote party Timeout - Retransmitting IKE Request.	<SW_IPaddress>, 4500	   <MyHomePublicIPaddress>, 4500	udp	VPN Policy: WAN GroupVPN	
12:54:19 Jan 28	931	VPN	Inform	IKE Responder: Remote party Timeout - Retransmitting IKE Request.	<SW_IPaddress>, 4500	   <MyHomePublicIPaddress>, 4500	udp	VPN Policy: WAN GroupVPN	
12:54:13 Jan 28	356	VPN	Inform	IKE Responder: Received Aggressive Mode Request (Phase 1)	           <MyHomePublicIPaddress>, 4500	<SW_IPaddress>, 4500	udp		
12:53:42 Jan 28	356	VPN	Inform	IKE Responder: Received Aggressive Mode Request (Phase 1)	           <MyHomePublicIPaddress>, 500	<SW_IPaddress>, 500	udp		

12:53:42 Jan 28	139	VPN	Inform	XAUTH Succeeded with VPN client	                                       <MyHomePublicIPaddress>, 4500	<SW_IPaddress>, 4500			
12:53:42 Jan 28	237	Users	Inform	VPN zone remote user login allowed	                               <MyHomePublicIPaddress>, X1	    <SW_IPaddress>, 0, X1	tcp	<MyUserName>	
12:53:42 Jan 28	373	VPN	Inform	IKE Responder: Aggressive Mode complete (Phase 1)	                   <MyHomePublicIPaddress>, 4500	<SW_IPaddress>, 4500		VPN Policy: WAN GroupVPN;3DES; SHA1; DH Group 5; lifetime=28800 secs	
12:53:42 Jan 28	356	VPN	Inform	IKE Responder: Received Aggressive Mode Request (Phase 1)	           <MyHomePublicIPaddress>, 500	<SW_IPaddress>, 500	udp		

12:53:42 Jan 28	139	VPN	Inform	XAUTH Succeeded with VPN client	                                       <MyHomePublicIPaddress>, 4500	<SW_IPaddress>, 4500			
12:53:42 Jan 28	237	Users	Inform	VPN zone remote user login allowed	                               <MyHomePublicIPaddress>, X1	    <SW_IPaddress>, 0, X1	tcp	<MyUserName>	
12:53:42 Jan 28	373	VPN	Inform	IKE Responder: Aggressive Mode complete (Phase 1)	                   <MyHomePublicIPaddress>, 4500	<SW_IPaddress>, 4500		VPN Policy: WAN GroupVPN;3DES; SHA1; DH Group 5; lifetime=28800 secs	
12:53:42 Jan 28	356	VPN	Inform	IKE Responder: Received Aggressive Mode Request (Phase 1)	           <MyHomePublicIPaddress>, 500	<SW_IPaddress>, 500	udp		

12:53:42 Jan 28	139	VPN	Inform	XAUTH Succeeded with VPN client	                                       <MyHomePublicIPaddress>, 4500	<SW_IPaddress>, 4500			
12:53:42 Jan 28	237	Users	Inform	VPN zone remote user login allowed	                               <MyHomePublicIPaddress>, X1	    <SW_IPaddress>, 0, X1	tcp	<MyUserName>	
12:53:42 Jan 28	373	VPN	Inform	IKE Responder: Aggressive Mode complete (Phase 1)	                   <MyHomePublicIPaddress>, 4500	<SW_IPaddress>, 4500		VPN Policy: WAN GroupVPN;3DES; SHA1; DH Group 5; lifetime=28800 secs	

From /var/log/daemon.log:
Jan 28 17:53:42 <LinuxBoxName> charon: 16[IKE] initiating Aggressive Mode IKE_SA GroupVPN[83] to <SW_IPaddress>
Jan 28 17:53:42 <LinuxBoxName> charon: 16[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Jan 28 17:53:42 <LinuxBoxName> charon: 16[NET] sending packet: from 192.168.1.2[500] to <SW_IPaddress>[500] (424 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 08[NET] received packet: from <SW_IPaddress>[500] to 192.168.1.2[500] (468 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 08[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D V V HASH ]
Jan 28 17:53:42 <LinuxBoxName> charon: 08[ENC] received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6
Jan 28 17:53:42 <LinuxBoxName> charon: 08[ENC] received unknown vendor ID: 5b:36:2b:c8:20:f6:00:07
Jan 28 17:53:42 <LinuxBoxName> charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
Jan 28 17:53:42 <LinuxBoxName> charon: 08[IKE] received DPD vendor ID
Jan 28 17:53:42 <LinuxBoxName> charon: 08[IKE] received XAuth vendor ID
Jan 28 17:53:42 <LinuxBoxName> charon: 08[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Jan 28 17:53:42 <LinuxBoxName> charon: 08[IKE] local host is behind NAT, sending keep alives
Jan 28 17:53:42 <LinuxBoxName> charon: 08[ENC] generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
Jan 28 17:53:42 <LinuxBoxName> charon: 08[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (108 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 12[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (76 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 12[ENC] parsed TRANSACTION request 650895681 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 12[ENC] generating TRANSACTION response 650895681 [ HASH CPRP(X_USER X_PWD) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 12[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (84 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 10[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (84 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 10[IKE] queueing INFORMATIONAL_V1 request as tasks still active
Jan 28 17:53:42 <LinuxBoxName> charon: 15[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (68 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 15[ENC] parsed TRANSACTION request 1705547363 [ HASH CPS(X_STATUS) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 15[IKE] XAuth authentication of '<MyUserName>' (myself) successful
Jan 28 17:53:42 <LinuxBoxName> charon: 15[IKE] IKE_SA GroupVPN[83] established between 192.168.1.2[GroupVPN]...<SW_IPaddress>[18B16984B754]
Jan 28 17:53:42 <LinuxBoxName> charon: 15[IKE] scheduling reauthentication in 27809s
Jan 28 17:53:42 <LinuxBoxName> charon: 15[IKE] maximum IKE_SA lifetime 28349s
Jan 28 17:53:42 <LinuxBoxName> charon: 15[ENC] generating TRANSACTION response 1705547363 [ HASH CPA(X_STATUS) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 15[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (68 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 15[ENC] parsed INFORMATIONAL_V1 request 3433338098 [ HASH N(INITIAL_CONTACT) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 15[ENC] generating TRANSACTION request 3678048150 [ HASH CPRQ(ADDR DNS) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 15[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (76 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 06[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (84 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 06[ENC] parsed INFORMATIONAL_V1 request 961710964 [ HASH D ]
Jan 28 17:53:42 <LinuxBoxName> charon: 06[IKE] received DELETE for IKE_SA GroupVPN[83]
Jan 28 17:53:42 <LinuxBoxName> charon: 06[IKE] deleting IKE_SA GroupVPN[83] between 192.168.1.2[GroupVPN]...<SW_IPaddress>[18B16984B754]

Jan 28 17:53:42 <LinuxBoxName> charon: 06[IKE] initiating Aggressive Mode IKE_SA GroupVPN[84] to <SW_IPaddress>
Jan 28 17:53:42 <LinuxBoxName> charon: 06[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Jan 28 17:53:42 <LinuxBoxName> charon: 06[NET] sending packet: from 192.168.1.2[500] to <SW_IPaddress>[500] (424 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 14[NET] received packet: from <SW_IPaddress>[500] to 192.168.1.2[500] (468 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 14[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D V V HASH ]
Jan 28 17:53:42 <LinuxBoxName> charon: 14[ENC] received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6
Jan 28 17:53:42 <LinuxBoxName> charon: 14[ENC] received unknown vendor ID: 5b:36:2b:c8:20:f6:00:07
Jan 28 17:53:42 <LinuxBoxName> charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Jan 28 17:53:42 <LinuxBoxName> charon: 14[IKE] received DPD vendor ID
Jan 28 17:53:42 <LinuxBoxName> charon: 14[IKE] received XAuth vendor ID
Jan 28 17:53:42 <LinuxBoxName> charon: 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Jan 28 17:53:42 <LinuxBoxName> charon: 14[IKE] local host is behind NAT, sending keep alives
Jan 28 17:53:42 <LinuxBoxName> charon: 14[ENC] generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
Jan 28 17:53:42 <LinuxBoxName> charon: 14[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (108 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 11[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (76 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 11[ENC] parsed TRANSACTION request 4050469456 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 11[ENC] generating TRANSACTION response 4050469456 [ HASH CPRP(X_USER X_PWD) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 11[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (84 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 08[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (84 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 08[IKE] queueing INFORMATIONAL_V1 request as tasks still active
Jan 28 17:53:42 <LinuxBoxName> charon: 13[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (68 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 13[ENC] parsed TRANSACTION request 17491150 [ HASH CPS(X_STATUS) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 13[IKE] XAuth authentication of '<MyUserName>' (myself) successful
Jan 28 17:53:42 <LinuxBoxName> charon: 13[IKE] IKE_SA GroupVPN[84] established between 192.168.1.2[GroupVPN]...<SW_IPaddress>[18B16984B754]
Jan 28 17:53:42 <LinuxBoxName> charon: 13[IKE] scheduling reauthentication in 28189s
Jan 28 17:53:42 <LinuxBoxName> charon: 13[IKE] maximum IKE_SA lifetime 28729s
Jan 28 17:53:42 <LinuxBoxName> charon: 13[ENC] generating TRANSACTION response 17491150 [ HASH CPA(X_STATUS) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 13[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (68 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 13[ENC] parsed INFORMATIONAL_V1 request 2399364449 [ HASH N(INITIAL_CONTACT) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 13[ENC] generating TRANSACTION request 3534717493 [ HASH CPRQ(ADDR DNS) ]
Jan 28 17:53:42 <LinuxBoxName> charon: 13[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (76 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 12[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (84 bytes)
Jan 28 17:53:42 <LinuxBoxName> charon: 12[ENC] parsed INFORMATIONAL_V1 request 2125913632 [ HASH D ]
Jan 28 17:53:42 <LinuxBoxName> charon: 12[IKE] received DELETE for IKE_SA GroupVPN[84]
Jan 28 17:53:42 <LinuxBoxName> charon: 12[IKE] deleting IKE_SA GroupVPN[84] between 192.168.1.2[GroupVPN]...<SW_IPaddress>[18B16984B754]
--------------
Jan 28 17:53:42 <LinuxBoxName> charon: 12[IKE] initiating Aggressive Mode IKE_SA GroupVPN[85] to <SW_IPaddress>
Jan 28 17:53:42 <LinuxBoxName> charon: 12[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Jan 28 17:53:42 <LinuxBoxName> charon: 12[NET] sending packet: from 192.168.1.2[500] to <SW_IPaddress>[500] (424 bytes)
Jan 28 17:53:43 <LinuxBoxName> charon: 15[NET] received packet: from <SW_IPaddress>[500] to 192.168.1.2[500] (468 bytes)
Jan 28 17:53:43 <LinuxBoxName> charon: 15[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D V V HASH ]
Jan 28 17:53:43 <LinuxBoxName> charon: 15[ENC] received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6
Jan 28 17:53:43 <LinuxBoxName> charon: 15[ENC] received unknown vendor ID: 5b:36:2b:c8:20:f6:00:07
Jan 28 17:53:43 <LinuxBoxName> charon: 15[IKE] received NAT-T (RFC 3947) vendor ID
Jan 28 17:53:43 <LinuxBoxName> charon: 15[IKE] received DPD vendor ID
Jan 28 17:53:43 <LinuxBoxName> charon: 15[IKE] received XAuth vendor ID
Jan 28 17:53:43 <LinuxBoxName> charon: 15[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Jan 28 17:53:43 <LinuxBoxName> charon: 15[IKE] local host is behind NAT, sending keep alives
Jan 28 17:53:43 <LinuxBoxName> charon: 15[ENC] generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
Jan 28 17:53:43 <LinuxBoxName> charon: 15[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (108 bytes)
Jan 28 17:53:43 <LinuxBoxName> charon: 14[NET] received packet: from <SW_IPaddress>[4500] to 192.168.1.2[4500] (204 bytes)
Jan 28 17:53:43 <LinuxBoxName> charon: 14[ENC] parsed INFORMATIONAL_V1 request 798746442 [ N(INVAL_IKE_SPI) ]
Jan 28 17:53:43 <LinuxBoxName> charon: 14[ENC] ignoring unprotected INFORMATIONAL from <SW_IPaddress>
Jan 28 17:53:43 <LinuxBoxName> charon: 14[IKE] message verification failed
Jan 28 17:53:43 <LinuxBoxName> charon: 14[IKE] ignore malformed INFORMATIONAL request
Jan 28 17:53:43 <LinuxBoxName> charon: 14[IKE] INFORMATIONAL_V1 request with message ID 798746442 processing failed
Jan 28 17:54:07 <LinuxBoxName> charon: 08[IKE] sending keep alive to <SW_IPaddress>[4500]
Jan 28 17:54:13 <LinuxBoxName> charon: 05[JOB] peer did not initiate expected exchange, reestablishing IKE_SA
--------------
Jan 28 17:54:13 <LinuxBoxName> charon: 05[IKE] reinitiating IKE_SA GroupVPN[85]
Jan 28 17:54:13 <LinuxBoxName> charon: 05[IKE] initiating Aggressive Mode IKE_SA GroupVPN[85] to <SW_IPaddress>
Jan 28 17:54:13 <LinuxBoxName> charon: 05[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Jan 28 17:54:13 <LinuxBoxName> charon: 05[NET] sending packet: from 192.168.1.2[4500] to <SW_IPaddress>[4500] (424 bytes)
Jan 28 17:54:28 <LinuxBoxName> charon: 00[DMN] signal of type SIGINT received. Shutting down

As you can see from the logs, after XAUTH Succeeded, a new (Phase 1) request is received. And that repeats again and again.

Please don't suggest using SSL VPN, since we have only one VPN license and it actually is not very stable.

Thank you in advance.

Author

Commented:
Thank you for the link, yes, I did see that article. However, it describes a site to site connection, which is not suitable in my case since my home public IP address is dynamic and I don't want to reconfigure the SW VPN settings each time it changes. Actually I did try to create a site to site setup as described there, just for testing purposes, but it also failed. I don't remember what the last point I had reached was, but if you think that would help, I can restore that back and try again, but the point is I need a groupVPN access like other users can do with their Windows home machines.

Author

Commented:
This one describes openswan (not strongswan) configuration and also the Sonicwall OS version they use is quite old too. At the time we had old Sonicwall TZ170 I was able to connect to it using openswan. But now we have other model of Sonicwall TZ300 and even though there is still a debian package called "libreswan", as I found in other articles, it's preferable to use strongswan instead.

It seems complicated

How are other micro$ Windows systems able to connect through the sonicwall currently?

Regards

Author

Commented:
There is a special VPN client software called "Sonicwall Global VPN client". It connects just fine.

But there is no version for Linux, is there?
Did you try NetExtender already?

Author

Commented:
Correct. There is only SSL VPN Linux version which is quite glitchy.

Author

Commented:
I did. NetExtender is glitchy, it disconnects often plus its UI version consumes memory (there are leaks or something). Also, as I mentioned in the topic starter, I asked not to suggest to use it because we have only one SSL VPN license, but plenty of regular VPN licenses.

But you said you don't want an SSL VPN solution, but without a static IP ... it is not easy to set up an IPsec tunnel
Another way is to set up another VPN technology behind the sonicwall and create a VIP to this other VPN system

Author

Commented:
Like I said before, I was able to set up a working connection without static IP using openswan and old sonicwall model in the GroupVPN policy mode (not site to site). The new sonicwall admin UI offers the same options so I assume that ability should still be enabled. But it does not work for some reason...

Author

Commented:
I actually do have OpenVPN installed on one of the office servers. I used to connect to it instead, but I'd like to find out how to connect to sonicwall if that is possible.

I hope you find a solution, but I don't think I can help you more. Judging by all the information I see on forums, people advise using SSL VPN instead.
I understand your constraints

Regards
I contacted SonicWall customer service. Was told that StrongSWAN is not supported.

Author

Commented:
Even though Sonicwall support told me that strongswan is not supported, I've finally made it work.
On SonicWALL GroupVPN policy editor I checked the checkbox "Advanced/Enable IKE Mode Configuration" and set an IP pool.
Congrats
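
A way to spot this thread's failure pattern in a charon log, as an added example that is not part of the original posts: each attempt gets through XAuth, the client sends its virtual-IP request `CPRQ(ADDR DNS)` (a consequence of `leftsourceip=%config4`), and the peer answers with a DELETE, which is what enabling IKE Mode Configuration with an IP pool resolved. The sample lines are constructed and abridged from the log above; the address 203.0.113.10, attempt `[90]` (a guess at what an answered request logs) and the verdict strings are assumptions.

```python
import re

# Constructed sample, abridged from the charon lines quoted in the thread.
# 203.0.113.10 is a placeholder; attempt [90] is an assumed healthy exchange.
SAMPLE_LOG = """\
charon: 16[IKE] initiating Aggressive Mode IKE_SA GroupVPN[83] to 203.0.113.10
charon: 12[ENC] parsed TRANSACTION request 650895681 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
charon: 15[IKE] XAuth authentication of 'user' (myself) successful
charon: 15[ENC] generating TRANSACTION request 3678048150 [ HASH CPRQ(ADDR DNS) ]
charon: 06[ENC] parsed INFORMATIONAL_V1 request 961710964 [ HASH D ]
charon: 06[IKE] received DELETE for IKE_SA GroupVPN[83]
charon: 12[IKE] initiating Aggressive Mode IKE_SA GroupVPN[85] to 203.0.113.10
charon: 14[ENC] parsed INFORMATIONAL_V1 request 798746442 [ N(INVAL_IKE_SPI) ]
charon: 05[IKE] initiating Aggressive Mode IKE_SA GroupVPN[90] to 203.0.113.10
charon: 15[IKE] XAuth authentication of 'user' (myself) successful
charon: 15[ENC] generating TRANSACTION request 11111 [ HASH CPRQ(ADDR DNS) ]
charon: 09[ENC] parsed TRANSACTION response 11111 [ HASH CPRP(ADDR DNS) ]
"""

# Events of interest inside one connection attempt.
EVENTS = {
    "xauth_ok": re.compile(r"XAuth authentication of .* successful"),
    "cfg_request": re.compile(r"generating TRANSACTION request \d+ \[.*CPRQ\(ADDR"),
    "cfg_reply": re.compile(r"parsed TRANSACTION response \d+ \[.*CPRP\(ADDR"),
    "deleted": re.compile(r"received DELETE for IKE_SA"),
}
# Every "initiating ... IKE_SA name[n]" line opens a new attempt.
START = re.compile(r"initiating (?:Aggressive|Main) Mode IKE_SA (\S+?)\[(\d+)\]")


def split_attempts(log_text):
    """Group log lines into attempts and record which events each one saw."""
    attempts = []
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            attempts.append({"sa": f"{m.group(1)}[{m.group(2)}]", "seen": set()})
            continue
        if not attempts:
            continue  # lines before the first attempt carry no context
        for name, pattern in EVENTS.items():
            if pattern.search(line):
                attempts[-1]["seen"].add(name)
    return attempts


def classify(seen):
    """Map the set of observed events to a short verdict."""
    if "cfg_reply" in seen:
        return "mode-config answered"
    if {"xauth_ok", "cfg_request", "deleted"} <= seen:
        return "deleted after virtual-IP request"
    if "deleted" in seen:
        return "deleted before virtual-IP request"
    return "incomplete"


def diagnose(log_text):
    return [(a["sa"], classify(a["seen"])) for a in split_attempts(log_text)]


if __name__ == "__main__":
    for sa, verdict in diagnose(SAMPLE_LOG):
        print(f"{sa}: {verdict}")
```
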