Hello, I am attempting to remotely connect my home computer to my employer's intranet via their SonicWall NSA240. I have been able to easily connect with Sonicwall's Global VPN client from Windows 7, but so far after about a week of struggling I have not been able to connect from Ubuntu 16.04 with strongSwan 5.6.1.
The Sonicwall is configured for IKEv1 using xauth-psk in Aggressive Mode. My computer gets a DHCP public and private IP address from its cellular hotspot connection. My goal is to authenticate with the SonicWALL and then receive a dynamically assigned virtual internal IP for my home computer. So far I have only been able to complete IKE phase 1 with strongSwan, but not phase 2. Hopefully the messages below will provide some clues. The last 7 lines are always the same no matter the settings I try. If necessary I can share my ipsec.conf file. I also have the config file for the Global VPN client from Windows if that would help. The only change I made in charon.conf was to uncomment the following line: accept_unencrypted_mainmode_messages = yes This is what I see in my terminal after 'sudo ipsec up test3' starting after IKE phase 1: XAuth authentication of '<userid>' (myself) successful IKE_SA TEST3[1] established between 192.168.1.34[192.168.1.34]...xxx.xxx.xxx.xxx[yyyyyy] scheduling reauthentication in 27855s maximum IKE_SA lifetime 28395s generating TRANSACTION response 1072426005 [ HASH CPA(X_STATUS) ] sending packet: from 192.168.1.34[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes) assigning new lease to 'yyyyyyy' assigning virtual IP 10.1.30.1 to peer 'yyyyyyy' generating TRANSACTION request 420617457 [ HASH CPS(ADDR) ] sending packet: from 192.168.1.34[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes) received packet: from xxx.xxx.xxx.xxx[4500] to 192.168.1.34[4500] (92 bytes) parsed INFORMATIONAL_V1 request 2093927451 [ HASH D ] received DELETE for IKE_SA TEST3[1] deleting IKE_SA TEST3[1] between 192.168.1.34[192.168.1.34]...xxx.xxx.xxx.xxx[yyyyyyyyy] initiating Aggressive Mode IKE_SA TEST3[2] to xxx.xxx.xxx.xxx generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ] sending packet: from 192.168.1.34[500] to xxx.xxx.xxx.xxx[500] (396 bytes) establishing connection 'test3' failed Thanks for any help! I didn't know anything about VPN/IPsec before last week and still don't other than what I have learned from the strongSwan documentation, so please bear with me. Dave -- GPG public key ID: 42AE9528 http://www.openpgp.org/