[Swan] SonicWALL

zc2 zc2expert at gmail.com
Fri Feb 14 22:47:28 UTC 2020


Hi,

I am trying to connect to my office's SonicWall TZ300 firewall.
Phase 1 completes, but Phase 2 fails with this message in the
SonicWall's log:
"IKE Responder: WAN GroupVPN Policy does not allow static IP for Virtual Adapter."

I tried to set left=%any, but then libreswan throws the following error on
# ipsec whack --name sonicwall --initiate
022 "sonicwall": We cannot identify ourselves with either end of this connection.  <sonicwallPublicIP> or 0.0.0.0 are not usable

My ipsec.conf:
conn sonicwall
         auto=add
#        left=%any
         left=%defaultroute
         leftid=@GroupVPN
         leftsubnet=192.168.1.2/32
         leftxauthclient=yes
         right=<sonicwallPublicIP>
         rightid=@<sonicwallID>
         rightsubnet=10.0.0.0/24
         keyingtries=0
         aggressive=yes
         authby=secret
         ike=3des-sha1;modp1536
         pfs=yes
         phase2alg=3des-sha1;modp1536
         ikelifetime=8h

Please help.

