[Swan] Trying to connect to sonicwall
Alwyn Schoeman
alwyn.schoeman at gmail.com
Thu Feb 25 14:12:27 UTC 2021
Hi there,
First off, the ciphers used are old, I know that but can't change it.
I am trying to connect to a SonicWall VPN setup for global vpn clients.
I have compiled libreswan to support DH2.
Client is a laptop on my home network, behind a TP-LINK router (doing NAT)
with a dynamically assigned IP on the WAN.
My config is the following:
conn sonic
    ikev2=no
    leftid=@GroupVPN
    leftxauthusername=alwyn
    ike=aes_cbc-sha;modp1024
    esp=aes_cbc-sha;modp1024
    right=<sonicwall IP address>
    rightid=@C0EAE402FFB8
    initial-contact=yes
    # nat-ikev1=drafts
    # cisco_unity=yes
    aggrmode=yes
    authby=secret
    left=%defaultroute
    leftxauthclient=yes
    leftmodecfgclient=yes
    remote_peer_type=cisco
    rightxauthserver=yes
    rightmodecfgserver=yes
    salifetime=24h
    #ikelifetime=1h
    ikelifetime=24h
    dpdaction=restart
    dpdtimeout=60
    dpddelay=30
    auto=add
    rekey=no
    modecfgpull=yes
    # type=tunnel
    # pfs=yes
When I restart IPSEC, this is what the logs say:
Feb 25 09:09:03 alwyn-hp pluto[859886]: "sonic": added IKEv1 connection
Feb 25 09:09:03 alwyn-hp pluto[859886]: listening for IKE messages
Feb 25 09:09:03 alwyn-hp pluto[859886]: Kernel supports NIC esp-hw-offload
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr1 192.168.39.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr1 192.168.39.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface br-8e1865506143 172.19.0.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface br-8e1865506143 172.19.0.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface docker0 172.17.0.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface docker0 172.17.0.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr0 192.168.122.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface virbr0 192.168.122.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface wlp3s0 192.168.0.140:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface wlp3s0 192.168.0.140:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface lo 127.0.0.1:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface lo 127.0.0.1:4500
Feb 25 09:09:03 alwyn-hp pluto[859886]: adding UDP interface lo [::1]:500
Feb 25 09:09:03 alwyn-hp pluto[859886]: loading secrets from "/etc/ipsec.secrets"
Feb 25 09:09:03 alwyn-hp pluto[859886]: loading secrets from "/etc/ipsec.d/sonic.secrets"
wlp3s0 is my wifi interface.
When I do 'ipsec auto --up sonic' I get the following log:
003 "tutuka" #1: IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and is cracked on large scale by TLA's
002 "tutuka" #1: initiating IKEv1 Aggressive Mode connection
110 "tutuka" #1: sent Aggressive Mode request
003 "tutuka" #1: ignoring unknown Vendor ID payload [5b 36 2b c8 20 f6 00 07]
002 "tutuka" #1: Peer ID is ID_FQDN: '@C0EAE402FFB8'
002 "tutuka" #1: Peer ID is ID_FQDN: '@C0EAE402FFB8'
004 "tutuka" #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1024}
003 "tutuka" #1: received and ignored notification payload: IPSEC_RESPONDER_LIFETIME
002 "tutuka" #1: XAUTH: Answering XAUTH challenge with user='alwyn'
004 "tutuka" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1024}
003 "tutuka" #1: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
003 "tutuka" #1: received and ignored notification payload: IPSEC_INITIAL_CONTACT
002 "tutuka" #1: XAUTH: Successfully Authenticated
004 "tutuka" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1024}
002 "tutuka" #1: modecfg: Sending IP request (MODECFG_I1)
003 "tutuka" #1: received Delete SA payload: self-deleting ISAKMP State #1
002 "tutuka" #1: deleting state (STATE_MODE_CFG_I1) aged 1.361573s and sending notification
My noob gut tells me I am supposed to get IP information sent, but I'm not
even sure if I am done authenticating.
Any input welcome!
Regards,
Alwyn Schoeman
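
A small triage script for 'ipsec auto --up' output like the above, added here as an example and not part of the original post or of libreswan: it reports which stages the log shows were reached, the negotiated parameters from the {...} block, and the state in which the peer's Delete arrived. The function name, the milestone labels and the WEAK set are assumptions of this example; input lines must be unwrapped (one status message per line).

```python
import re

# Excerpt of the output quoted in the post, wrapped lines rejoined.
SAMPLE = """\
003 "tutuka" #1: IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and is cracked on large scale by TLA's
002 "tutuka" #1: initiating IKEv1 Aggressive Mode connection
004 "tutuka" #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1024}
002 "tutuka" #1: XAUTH: Successfully Authenticated
002 "tutuka" #1: modecfg: Sending IP request (MODECFG_I1)
003 "tutuka" #1: received Delete SA payload: self-deleting ISAKMP State #1
002 "tutuka" #1: deleting state (STATE_MODE_CFG_I1) aged 1.361573s and sending notification
"""
# Progress markers, in the order the post's log shows them.
MILESTONES = [("ike_sa", "IKE SA established"),
              ("xauth", "XAUTH: Successfully Authenticated"),
              ("modecfg_request", "modecfg: Sending IP request")]
# Assumption of this example: values treated as weak (not a libreswan list).
WEAK = {"group": {"MODP1024"}, "integ": {"HMAC_SHA1", "HMAC_MD5"}}
LINE = re.compile(r'^\d{3} "[^"]+" #\d+: (.*)$')

def summarize(text):
    out = {"reached": [], "params": {}, "aggressive_psk": False,
           "peer_deleted": False, "final_state": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped fragments and non-status lines
        msg = m.group(1)
        for name, marker in MILESTONES:
            if marker in msg and name not in out["reached"]:
                out["reached"].append(name)
        out["aggressive_psk"] |= "Aggressive Mode with PSK" in msg
        out["peer_deleted"] |= "received Delete SA payload" in msg
        state = re.search(r"deleting state \((\w+)\)", msg)
        if state:
            out["final_state"] = state.group(1)
        braces = re.search(r"\{([^}]*)\}", msg)
        if braces:  # negotiated parameters, e.g. {auth=... group=MODP1024}
            out["params"] = dict(kv.split("=", 1)
                                 for kv in braces.group(1).split() if "=" in kv)
    out["weak"] = sorted(f"{k}={v}" for k, v in out["params"].items()
                         if v in WEAK.get(k, ()))
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```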