[Swan] Usage of leftaddresspool with SonicOs Enhanced
Davide Fanciola
dfanciola at gmail.com
Tue Jun 11 17:43:34 EEST 2013
Hello,
I'm trying to use the new "leftaddresspool" option with a SonicWall
default GroupVPN with DHCP. The idea is to mimic the Windows client so
that VPN users are all confined in a specific range.
Here is my config:
**************
config setup
    protostack=netkey
    interfaces="%defaultroute"
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!172.16.0.0/23

conn sonic
    type=tunnel
    left=%defaultroute
    leftid=@GroupVPN
    leftxauthclient=yes
    leftxauthusername=<my_user>
    leftaddresspool=172.16.0.90-172.16.0.100
    right=<sonic_ip>
    rightid=@<sonic_id>
    rightsubnet=0.0.0.0/0
    rightxauthserver=yes
    keyingtries=0
    pfs=no
    aggrmode=yes
    keyexchange=ike
    auto=add
    auth=esp
    ike=3des-sha1
    ikev2=never
    phase2alg=3des-sha1
    authby=secret
**************
With this configuration, phase 2 will not complete, blocking at
STATE_QUICK_I1.
Switching rightsubnet from "0.0.0.0/0" to "172.16.0.0/23" allows the
connection to complete, but the client source IP is unchanged (i.e. the
real home LAN address).
I've also tried different ranges, one matching the DHCP range, one
outside the DHCP range but still in the rightsubnet and finally a
totally new range/subnet, but still no luck.
On the SonicWall I have activated "Accept Multiple Proposal from client"
and also changed the "VPN Access" from "LAN Subnets" to "0.0.0.0/0",
with no effect on my problem.
Does anyone have some hints on what I am doing wrong?
Thanks in advance,
Cheers,
Davide