[Swan] SonicWALL
zc2
zc2expert at gmail.com
Fri Feb 14 22:47:28 UTC 2020
Hi,
I am trying to connect to my office's SonicWall TZ300 firewall. The
Phase1 completes, but the Phase2 fails with the message in the
sonicwall's log:
"IKE Responder: WAN GroupVPN Policy does not allow static IP for Virtual
Adapter."
I tried to set left=%any, but then libreswan throws the following error on
# ipsec whack --name sonicwall --initiate
022 "sonicwall": We cannot identify ourselves with either end of this
connection. <sonicwallPublicIP> or 0.0.0.0 are not usable
My ipsec.conf:
conn sonicwall
auto=add
# left=%any
left=%defaultroute
leftid=@GroupVPN
leftsubnet=192.168.1.2/32
leftxauthclient=yes
right=<sonicwallPublicIP>
rightid=@<sonicwallID>
rightsubnet=10.0.0.0/24
keyingtries=0
aggressive=yes
authby=secret
ike=3des-sha1;modp1536
pfs=yes
phase2alg=3des-sha1;modp1536
ikelifetime=8h
Please help.
More information about the Swan
mailing list