

Sonicwall TZ170 to OpenSWAN peer's ID_USER_FQDN contains no @


27-04-2010 08:17 PM
1


Trying to connect a TZ710<->Openswan gets me the following errors:

Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-00]
Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring Vendor ID
payload [Sonicwall 1 (TZ 170 Standard?)]
Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
ID_USER_FQDN contains no @: 0006B105D23
Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode
peer ID is ID_USER_FQDN: '0006B105D230'
Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable
connection for peer '0006B105D230'
Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial Aggressive
Mode packet claiming to be from y.y.y.y on y.y.y.y but no connection has
been authorized
Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending
notification INVALID_ID_INFORMATION to y.y.y.y:500

conn andree
    left=x.x.x.x
    leftsourceip=10.1.1.1
    leftsubnet=10.1.1.0/24
    leftid=x.x.x.x
    right=y.y.y.y
    rightsubnet=192.168.3.0/24
    # rightid=0006B105D23U
    keyingtries=0
    pfs=no
    aggrmode=yes
    auto=start
    auth=esp
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
    keyexchange=ike

I'm assuming this is because I can't say the IKE ID on the router for
the left or right? Maybe if there was a way to eliminate checking for
an IKEID on the right?
_______________________________________________
___________________________________________________

Posted on the Users mailing list. Go to http://lists.openswan.org/mailman/listinfo/users to subscribe.


28-04-2010 06:09 AM
2


On Tue, 27 Apr 2010, Mike A. Leonetti wrote:

> Trying to connect a TZ710<->Openswan gets me the following errors:
>
> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received Vendor ID
> payload [draft-ietf-ipsec-nat-t-ike-00]
> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring Vendor ID
> payload [Sonicwall 1 (TZ 170 Standard?)]
> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
> ID_USER_FQDN contains no @: 0006B105D23
> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode
> peer ID is ID_USER_FQDN: '0006B105D230'
> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable
> connection for peer '0006B105D230'
> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial Aggressive
> Mode packet claiming to be from y.y.y.y on y.y.y.y but no connection has
> been authorized
> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending
> notification INVALID_ID_INFORMATION to y.y.y.y:500
>
> conn andree
> left=x.x.x.x
> leftsourceip=10.1.1.1
> leftsubnet=10.1.1.0/24
> leftid=x.x.x.x
> right=y.y.y.y
> rightsubnet=192.168.3.0/24
> # rightid=0006B105D23U
> keyingtries=0
> pfs=no
> aggrmode=yes
> auto=start
> auth=esp
> esp=3des-sha1
> ike=3des-sha1
> authby=secret
> keyexchange=ike

Try using rightid=@0006B105D23U

Paul


28-04-2010 02:09 PM
3


Paul Wouters wrote:
> On Tue, 27 Apr 2010, Mike A. Leonetti wrote:
>
>> Trying to connect a TZ710<->Openswan gets me the following errors:
>>
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-00]
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring Vendor ID
>> payload [Sonicwall 1 (TZ 170 Standard?)]
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
>> ID_USER_FQDN contains no @: 0006B105D23
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode
>> peer ID is ID_USER_FQDN: '0006B105D230'
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable
>> connection for peer '0006B105D230'
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial Aggressive
>> Mode packet claiming to be from y.y.y.y on y.y.y.y but no connection has
>> been authorized
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending
>> notification INVALID_ID_INFORMATION to y.y.y.y:500
>>
>> conn andree
>> left=x.x.x.x
>> leftsourceip=10.1.1.1
>> leftsubnet=10.1.1.0/24
>> leftid=x.x.x.x
>> right=y.y.y.y
>> rightsubnet=192.168.3.0/24
>> # rightid=0006B105D23U
>> keyingtries=0
>> pfs=no
>> aggrmode=yes
>> auto=start
>> auth=esp
>> esp=3des-sha1
>> ike=3des-sha1
>> authby=secret
>> keyexchange=ike
>
> Try using rightid=@0006B105D23U
>
> Paul

No errors, but the only thing I get is this:

Apr 28 09:11:42 fortissimo pluto[23745]: "andree": deleting connection
Apr 28 09:11:42 fortissimo pluto[23745]: "andree" #4: deleting state
(STATE_AGGR_I1)
Apr 28 09:11:43 fortissimo pluto[25359]: added connection description
"andree"
Apr 28 09:11:43 fortissimo ipsec__plutorun: 002 added connection
description "andree"
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
(5,2,2,0) ignored.
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: initiating
Aggressive Mode #4, connection "andree"
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
(5,2,2,0) ignored.
Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: transform
(5,2,2,0) ignored.


And then
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
received Vendor ID payload [XAUTH]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
initial Aggressive Mode message from y.y.y.y but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE

But it never comes up.


28-04-2010 04:21 PM
4


On Wed, 28 Apr 2010, Mike A. Leonetti wrote:

> Paul Wouters wrote:
>> On Tue, 27 Apr 2010, Mike A. Leonetti wrote:
>>
>>> Trying to connect a TZ710<->Openswan gets me the following errors:
>>>
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received Vendor ID
>>> payload [draft-ietf-ipsec-nat-t-ike-00]
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring Vendor ID
>>> payload [Sonicwall 1 (TZ 170 Standard?)]
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
>>> ID_USER_FQDN contains no @: 0006B105D23
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode
>>> peer ID is ID_USER_FQDN: '0006B105D230'
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable
>>> connection for peer '0006B105D230'
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial Aggressive
>>> Mode packet claiming to be from y.y.y.y on y.y.y.y but no connection has
>>> been authorized
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending
>>> notification INVALID_ID_INFORMATION to y.y.y.y:500
>>>
>>> conn andree
>>> left=x.x.x.x
>>> leftsourceip=10.1.1.1
>>> leftsubnet=10.1.1.0/24
>>> leftid=x.x.x.x
>>> right=y.y.y.y
>>> rightsubnet=192.168.3.0/24
>>> # rightid=0006B105D23U
>>> keyingtries=0
>>> pfs=no
>>> aggrmode=yes
>>> auto=start
>>> auth=esp
>>> esp=3des-sha1
>>> ike=3des-sha1
>>> authby=secret
>>> keyexchange=ike
>>
>> Try using rightid=@0006B105D23U
>>
>> Paul
> No errors, but the only thing I get is this:
>
> Apr 28 09:11:42 fortissimo pluto[23745]: "andree": deleting connection
> Apr 28 09:11:42 fortissimo pluto[23745]: "andree" #4: deleting state
> (STATE_AGGR_I1)
> Apr 28 09:11:43 fortissimo pluto[25359]: added connection description
> "andree"
> Apr 28 09:11:43 fortissimo ipsec__plutorun: 002 added connection
> description "andree"
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
> (5,2,2,0) ignored.
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: initiating
> Aggressive Mode #4, connection "andree"
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
> (5,2,2,0) ignored.
> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: transform
> (5,2,2,0) ignored.
>
>
> And then
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> received Vendor ID payload [XAUTH]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> initial Aggressive Mode message from y.y.y.y but no (wildcard)
> connection has been configured with policy=PSK+AGGRESSIVE

Try using right=%any

> But it never comes up.
>


28-04-2010 04:50 PM
5


Paul Wouters wrote:
> On Wed, 28 Apr 2010, Mike A. Leonetti wrote:
>
>> Paul Wouters wrote:
>>> On Tue, 27 Apr 2010, Mike A. Leonetti wrote:
>>>
>>>> Trying to connect a TZ710<->Openswan gets me the following errors:
>>>>
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received
>>>> Vendor ID
>>>> payload [draft-ietf-ipsec-nat-t-ike-00]
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring
>>>> Vendor ID
>>>> payload [Sonicwall 1 (TZ 170 Standard?)]
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
>>>> ID_USER_FQDN contains no @: 0006B105D23
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode
>>>> peer ID is ID_USER_FQDN: '0006B105D230'
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable
>>>> connection for peer '0006B105D230'
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial
>>>> Aggressive
>>>> Mode packet claiming to be from y.y.y.y on y.y.y.y but no
>>>> connection has
>>>> been authorized
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending
>>>> notification INVALID_ID_INFORMATION to y.y.y.y:500
>>>>
>>>> conn andree
>>>> left=x.x.x.x
>>>> leftsourceip=10.1.1.1
>>>> leftsubnet=10.1.1.0/24
>>>> leftid=x.x.x.x
>>>> right=y.y.y.y
>>>> rightsubnet=192.168.3.0/24
>>>> # rightid=0006B105D23U
>>>> keyingtries=0
>>>> pfs=no
>>>> aggrmode=yes
>>>> auto=start
>>>> auth=esp
>>>> esp=3des-sha1
>>>> ike=3des-sha1
>>>> authby=secret
>>>> keyexchange=ike
>>>
>>> Try using rightid=@0006B105D23U
>>>
>>> Paul
>> No errors, but the only thing I get is this:
>>
>> Apr 28 09:11:42 fortissimo pluto[23745]: "andree": deleting connection
>> Apr 28 09:11:42 fortissimo pluto[23745]: "andree" #4: deleting state
>> (STATE_AGGR_I1)
>> Apr 28 09:11:43 fortissimo pluto[25359]: added connection description
>> "andree"
>> Apr 28 09:11:43 fortissimo ipsec__plutorun: 002 added connection
>> description "andree"
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
>> transforms were set in aggressive mode. Only first one used.
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
>> (5,2,2,0) ignored.
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: initiating
>> Aggressive Mode #4, connection "andree"
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
>> transforms were set in aggressive mode. Only first one used.
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
>> (5,2,2,0) ignored.
>> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: multiple
>> transforms were set in aggressive mode. Only first one used.
>> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: transform
>> (5,2,2,0) ignored.
>>
>>
>> And then
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>> ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>> ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>> received Vendor ID payload [XAUTH]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>> initial Aggressive Mode message from y.y.y.y but no (wildcard)
>> connection has been configured with policy=PSK+AGGRESSIVE
>
> Try using right=%any
>
>> But it never comes up.
>>
It isn't very happy with that.

Apr 28 11:56:56 fortissimo pluto[25359]: "andree": deleting connection
Apr 28 11:56:56 fortissimo pluto[25359]: "andree" #37: deleting state
(STATE_AGGR_I1)
Apr 28 11:56:57 fortissimo pluto[28651]: added connection description
"andree"
Apr 28 11:56:57 fortissimo ipsec__plutorun: 002 added connection
description "andree"
Apr 28 11:56:58 fortissimo pluto[28651]: "andree": cannot initiate
connection without knowing peer IP address (kind=CK_TEMPLATE)
Apr 28 11:56:58 fortissimo ipsec__plutorun: 029 "andree": cannot
initiate connection without knowing peer IP address (kind=CK_TEMPLATE)


28-04-2010 05:06 PM
6


On Wed, 28 Apr 2010, Mike A. Leonetti wrote:

>>> And then
>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>> ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>> ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>> received Vendor ID payload [XAUTH]
>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>> initial Aggressive Mode message from y.y.y.y but no (wildcard)
>>> connection has been configured with policy=PSK+AGGRESSIVE
>>
>> Try using right=%any
>>
>>> But it never comes up.
>>>
> It isn't very happy with that.
>
> Apr 28 11:56:56 fortissimo pluto[25359]: "andree": deleting connection
> Apr 28 11:56:56 fortissimo pluto[25359]: "andree" #37: deleting state
> (STATE_AGGR_I1)
> Apr 28 11:56:57 fortissimo pluto[28651]: added connection description
> "andree"
> Apr 28 11:56:57 fortissimo ipsec__plutorun: 002 added connection
> description "andree"
> Apr 28 11:56:58 fortissimo pluto[28651]: "andree": cannot initiate
> connection without knowing peer IP address (kind=CK_TEMPLATE)
> Apr 28 11:56:58 fortissimo ipsec__plutorun: 029 "andree": cannot
> initiate connection without knowing peer IP address (kind=CK_TEMPLATE)

Yes you can only respond when using %any, not initiate.

I guess I'm just confused what the intention here is, and if one or both
endpoints are behind nat.

Paul


28-04-2010 05:13 PM
7


Paul Wouters wrote:
> On Wed, 28 Apr 2010, Mike A. Leonetti wrote:
>
>>>> And then
>>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>>> ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
>>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>>> ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
>>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>>> received Vendor ID payload [XAUTH]
>>>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
>>>> initial Aggressive Mode message from y.y.y.y but no (wildcard)
>>>> connection has been configured with policy=PSK+AGGRESSIVE
>>>
>>> Try using right=%any
>>>
>>>> But it never comes up.
>>>>
>> It isn't very happy with that.
>>
>> Apr 28 11:56:56 fortissimo pluto[25359]: "andree": deleting connection
>> Apr 28 11:56:56 fortissimo pluto[25359]: "andree" #37: deleting state
>> (STATE_AGGR_I1)
>> Apr 28 11:56:57 fortissimo pluto[28651]: added connection description
>> "andree"
>> Apr 28 11:56:57 fortissimo ipsec__plutorun: 002 added connection
>> description "andree"
>> Apr 28 11:56:58 fortissimo pluto[28651]: "andree": cannot initiate
>> connection without knowing peer IP address (kind=CK_TEMPLATE)
>> Apr 28 11:56:58 fortissimo ipsec__plutorun: 029 "andree": cannot
>> initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
>
> Yes you can only respond when using %any, not initiate.
>
> I guess I'm just confused what the intention here is, and if one or both
> endpoints are behind nat.
>
> Paul
>
The intention here is to initiate and keep up a VPN between OpenSWAN and
an older style Sonicwall device. The Sonicwall device doesn't have a
place to put in the IKE ID for the local or remote connexion. This is
really the only thing that differs from the newer Sonicwall is that and
we do have three VPNs with newer Sonicwalls already working on the Linux
side and one on the older Sonicwall side (that we are trying to VPN into).

None of the firewalls are behind a NAT in this scenario.


28-04-2010 08:48 PM
8


On Wed, 28 Apr 2010, Mike A. Leonetti wrote:

> The intention here is to initiate and keep up a VPN between OpenSWAN and
> an older style Sonicwall device. The Sonicwall device doesn't have a
> place to put in the IKE ID for the local or remote connexion. This is
> really the only thing that differs from the newer Sonicwall is that and
> we do have three VPNs with newer Sonicwalls already working on the Linux
> side and one on the older Sonicwall side (that we are trying to VPN into).
>
> None of the firewalls are behind a NAT in this scenario.

Then do not specify any rightid/leftid, and it will default to use the
IP address as ID.

Paul


28-04-2010 09:59 PM
9


Paul Wouters wrote:
> On Wed, 28 Apr 2010, Mike A. Leonetti wrote:
>
>> The intention here is to initiate and keep up a VPN between OpenSWAN and
>> an older style Sonicwall device. The Sonicwall device doesn't have a
>> place to put in the IKE ID for the local or remote connexion. This is
>> really the only thing that differs from the newer Sonicwall is that and
>> we do have three VPNs with newer Sonicwalls already working on the Linux
>> side and one on the older Sonicwall side (that we are trying to VPN
>> into).
>>
>> None of the firewalls are behind a NAT in this scenario.
>
> Then do not specify any rightid/leftid, and it will default to use the
> IP address as ID.
>
> Paul

This is what happens though:

Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: transform
(5,2,2,0) ignored.
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: initiating
Aggressive Mode #4, connection "andree"
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: transform
(5,2,2,0) ignored.
Apr 28 16:53:20 fortissimo ipsec__plutorun: 003 "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 16:53:20 fortissimo ipsec__plutorun: 003 "andree" #4: transform
(5,2,2,0) ignored.

And the Sonicwall side says:
IKE negotiation aborted due to timeout
IKE Initiator: No response - remote party timeout
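Added example, not part of the original thread: a small Python triage script that rejoins the wrapped pluto log lines quoted in the messages above and pairs each message with the log's own wording or the reply given in the thread. The rule keys and the function names `unwrap` and `triage` are made up for this example.

```python
import re

# Syslog prefix as in the thread: "Apr 27 15:15:41 host prog[pid]: message".
PREFIX = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ([\w.-]+)(?:\[\d+\])?: (.*)$")
QUOTE = re.compile(r"^(?:>+ ?)+")  # e-mail quote markers
CONN = re.compile(r'^(?:\d{3} )?"([^"]+)"(?: #\d+)?: (.*)$')

RULES = [  # (key, pattern, note); notes restate the log text or a thread reply
    ("id-no-at", r"peer's ID_USER_FQDN contains no @: (\S+)",
     "reply 2 suggests rightid=@<id>"),
    ("aggr-multi-transform", r"multiple transforms were set in aggressive mode",
     "only the first transform is used"),
    ("no-wildcard-conn",
     r"no \(wildcard\) connection has been configured with policy=(\S+)",
     "reply 4 suggests right=%any"),
    ("initiate-template",
     r"cannot initiate connection without knowing peer IP address \(kind=(\w+)\)",
     "reply 6: with %any you can only respond, not initiate"),
]

def unwrap(text):
    """Rejoin records the mail client wrapped; returns [(program, message)]."""
    records, open_rec = [], False
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = PREFIX.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif line and open_rec:
            records[-1][1] += " " + line  # continuation of the last record
        open_rec = bool(line) and (bool(m) or open_rec)  # blank line ends it
    return [tuple(r) for r in records]

def triage(text):
    """Return (conn, key, detail, note), once per connection and rule."""
    findings, seen = [], set()
    for prog, msg in unwrap(text):
        if prog not in ("pluto", "ipsec__plutorun"):
            continue
        m = CONN.match(msg)
        conn, body = m.groups() if m else (None, msg)
        for key, pattern, note in RULES:
            hit = re.search(pattern, body)
            if hit and (conn, key) not in seen:
                seen.add((conn, key))
                detail = hit.group(1) if hit.groups() else ""
                findings.append((conn, key, detail, note))
    return findings

# Log lines copied from the messages above, with their wrapping and quoting.
SAMPLE = """\
Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
ID_USER_FQDN contains no @: 0006B105D23
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
initial Aggressive Mode message from y.y.y.y but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Apr 28 11:56:58 fortissimo pluto[28651]: "andree": cannot initiate
connection without knowing peer IP address (kind=CK_TEMPLATE)
Apr 28 11:56:58 fortissimo ipsec__plutorun: 029 "andree": cannot
initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
"""
```

`triage(SAMPLE)` returns one finding per connection and rule, so the `ipsec__plutorun` echo of a pluto message is not reported twice.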