Hello Jack, N(INVAL_SYN) is sometimes returned if the peer does not recognize or support all crypto proposals. Have you tried to restrict it to simple ones as e.g.
ike=aes128-sha1-modp2048! Do not forget to set the strict flag '!' so that only this suite is proposed. Regards Andreas On 09/14/2010 10:50 PM, Jack Omalley wrote: > Has anyone gotten Strongswan to connect (using IKEv2) to a Sonicwall > running Enhanced OS 4.x? I have spent several hours on this, and have > gotten nowhere. > > I've got a stripped down config in a test environment, and when I try to > make a connection, I get > > > r...@mercury:/home/user1# ipsec up home > initiating IKE_SA home[1] to xx.xx.xx.xxx > generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > sending packet: from 192.168.5.209[500] to xx.xx.xx.xxxx[500] > received packet: from xx.xx.xx.xxx[500] to 192.168.5.209[500] > parsed IKE_SA_INIT response 0 [ N(INVAL_SYN) ] > received INVALID_SYNTAX notify error > r...@mercury:/home/user1# ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
