[Swan] Trying to connect to sonicwall

Alwyn Schoeman alwyn.schoeman at gmail.com
Thu Feb 25 14:12:27 UTC 2021


Hi there,

First off, the ciphers used are old, I know that but can't change it.

I am trying to connect to a SonicWall VPN setup for global vpn clients.

I have compiled libreswan to support DH2.

Client is a laptop on my home network, behind a TP-LINK router (doing NAT)
with a dynamically assigned IP on the WAN.

My config is the following:

conn sonic
        ikev2=no
        leftid=@GroupVPN
        leftxauthusername=alwyn
        ike=aes_cbc-sha;modp1024
        esp=aes_cbc-sha;modp1024
        right=<sonicwall IP address>
        rightid=@C0EAE402FFB8
        initial-contact=yes
        # nat-ikev1=drafts
        # cisco_unity=yes
        aggrmode=yes
        authby=secret
        left=%defaultroute
        leftxauthclient=yes
        leftmodecfgclient=yes
        remote_peer_type=cisco
        rightxauthserver=yes
        rightmodecfgserver=yes
        salifetime=24h
        #ikelifetime=1h
        ikelifetime=24h
        dpdaction=restart
        dpdtimeout=60
        dpddelay=30
        auto=add
        rekey=no
        modecfgpull=yes
#       type=tunnel
#       pfs=yes

When I restart IPSEC, this is what the log says:

Feb 25 09:09:03 alwyn-hp pluto[859886]: "sonic": added IKEv1 connection
Feb 25 09:09:03 alwyn-hp pluto[859886]: listening for IKE messages
Feb 25 09:09:03 alwyn-hp pluto[859886]: Kernel supports NIC esp-hw-offload
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr1 192.168.39.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr1 192.168.39.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface br-8e1865506143 172.19.0.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface br-8e1865506143 172.19.0.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface docker0 172.17.0.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface docker0 172.17.0.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr0 192.168.122.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr0 192.168.122.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface wlp3s0 192.168.0.140:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface wlp3s0 192.168.0.140:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface lo 127.0.0.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface lo 127.0.0.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface lo [::1]:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: loading secrets from "/etc/ipsec.secrets"
Feb 25 09:09:03 alwyn-hp pluto[859886]: loading secrets from "/etc/ipsec.d/sonic.secrets"

wlp3s0 is my wifi interface.

When I do 'ipsec auto --up sonic' I get the following log:

003 "tutuka" #1: IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and is cracked on large scale by TLA's
002 "tutuka" #1: initiating IKEv1 Aggressive Mode connection
110 "tutuka" #1: sent Aggressive Mode request
003 "tutuka" #1: ignoring unknown Vendor ID payload [5b 36 2b c8  20 f6 00 07]
002 "tutuka" #1: Peer ID is ID_FQDN: '@C0EAE402FFB8'
002 "tutuka" #1: Peer ID is ID_FQDN: '@C0EAE402FFB8'
004 "tutuka" #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1024}
003 "tutuka" #1: received and ignored notification payload: IPSEC_RESPONDER_LIFETIME
002 "tutuka" #1: XAUTH: Answering XAUTH challenge with user='alwyn'
004 "tutuka" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1024}
003 "tutuka" #1: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
003 "tutuka" #1: received and ignored notification payload: IPSEC_INITIAL_CONTACT
002 "tutuka" #1: XAUTH: Successfully Authenticated
004 "tutuka" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1024}
002 "tutuka" #1: modecfg: Sending IP request (MODECFG_I1)
003 "tutuka" #1: received Delete SA payload: self-deleting ISAKMP State #1
002 "tutuka" #1: deleting state (STATE_MODE_CFG_I1) aged 1.361573s and sending notification

My noob gut tells me I am supposed to get IP information sent, but I'm not
even sure if I am done authenticating.

Any input welcome!

Regards,
Alwyn Schoeman