[Vpn-help] connecting to SonicWall
mgrooms
mgrooms at shrew.net
Sun May 25 13:01:36 CDT 2008
On Sat, 24 May 2008 18:44:07 -0700, "Harondel J. Sibble" <help at pdscc.com>
wrote:
> On 24 May 2008 at 15:44, Harondel J. Sibble wrote:
>
>> If I get a chance over the weekend, I'll install the latest shrew beta
>> on my ubuntu 6.0.6 vm and see if I can get it to successfully talk to
>> the sonicwall in my post above and report back.
>
>
> Matthew, can you verify if the dhcp over ipsec code is in the 2.1.0 beta
5
> release? I vaguely remember you said it was going in, in the 2.1.0 series
> or
> was that 2.2 ;-)
>
DHCP over IPsec support has been available in all 2.1.0 releases. However,
I haven't been able to get it to work with the Sonicwall I have in my lab.
Phase1 appears to complete without issue. I assume this is just a problem
with our DHCP over IPsec implementation which was originally written to be
Fortigate compatible.
> When I choose dhcp over ipsec for auto configuration, under address
method
> there's only one choice "use virtual adapter and assigned address"
>
> and below that obtain automatically is greyed out and I have to put in an
> ip
> address.
>
Do you mean that when DHCP over IPsec is selected, the obtain automatically
is greyed out but ...
a) you want to enter a static address but you cant
... or ...
b) the client is requiring that you enter in an ip address
Using DHCP would mean you are requesting that an address be automatically
assigned. The direct adapter mode is not an option as there must be a
target virtual adapter to assign the address to. Naturally, using DHCP
means there can be no static address assignment.
> I do have "obtain topology automatically" checked under the policy tab.
>
> I am just testing a working tunnel (against a Fortinet Wifi 60a) that I
> was
> using under beta 1 or 2 IIRC with the beta 5 before attempting to connect
> to
> the TZ170.
>
> Sadly I am not able to bring the tunnel up under beta 5, seeing a few
>
Unfortunately, I won't have time to investigate the Sonicwall compatibility
issues fully until after the 2.1.0 release. The support is currently slated
for 2.2.0 but I can probably bump it up to 2.1.1 if there is enough
interest.
Thanks,
-Matthew
More information about the vpn-help
mailing list