[ previous ] [ next ] [ threads ]
 
 From:  Lee Saferite <lee dot saferite at speedysigns dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall <-> sonicWall VPN Problem
 Date:  Tue, 20 Sep 2005 18:10:28 -0400 
Hello everyone.
So, I started setting up my beautiful little WRAP based m0n0walls trying 
to make a VPN connection between an old sonicWall Pro and m0n0wall.  I 
followed the instructions given as 
http://img.m0n0.ch/docbook/examplevpn-sonicwall.html but still cannot 
get it working.  I have included the log files in the hopes that someone 
understands all those entries from racoon since I'm still clueless at 
this point.  I have gotten a m0n0wall <-> m0n0wall VPN working fine 
already, but the sonicwall is a problem.  Any chance someone can help 
me?  If you need more info, I will provide it.

Sep 20 18:00:22 firewall racoon: INFO: main.c:172:main(): @(#)package 
version freebsd-20050510a
Sep 20 18:00:22 firewall racoon: INFO: main.c:174:main(): @(#)internal 
version 20001216 sakane at kame dot net
Sep 20 18:00:22 firewall racoon: INFO: main.c:175:main(): @(#)This 
product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Sep 20 18:00:22 firewall racoon: INFO: isakmp.c:1368:isakmp_open(): 
127.0.0.1[500] used as isakmp port (fd=7)
Sep 20 18:00:22 firewall racoon: INFO: isakmp.c:1368:isakmp_open(): 
x.x.148.2[500] used as isakmp port (fd=8)
Sep 20 18:00:22 firewall racoon: INFO: isakmp.c:1368:isakmp_open(): 
172.30.200.1[500] used as isakmp port (fd=9)
Sep 20 18:00:39 firewall racoon: INFO: 
isakmp.c:1694:isakmp_post_acquire(): IPsec-SA request for 66.35.146.35 
queued due to no phase1 found.
Sep 20 18:00:39 firewall racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): 
initiate new phase 1 negotiation: x.x.148.2[500]<=>66.35.146.35[500]
Sep 20 18:00:39 firewall racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): 
begin Aggressive mode.
Sep 20 18:00:39 firewall racoon: WARNING: 
ipsec_doi.c:3067:ipsecdoi_checkid1(): ID type mismatched.
Sep 20 18:00:39 firewall racoon: WARNING: 
ipsec_doi.c:3082:ipsecdoi_checkid1(): ID value mismatched.
Sep 20 18:00:40 firewall racoon: INFO: 
isakmp.c:2459:log_ph1established(): ISAKMP-SA established 
x.x.148.2[500]-x.x.146.35[500] spi:c4e32e6fbae9e391:d044f785326a9029
Sep 20 18:00:40 firewall racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): 
initiate new phase 2 negotiation: x.x.148.2[0]<=>x.x.146.35[0]
Sep 20 18:00:40 firewall racoon: ERROR: 
isakmp_inf.c:843:isakmp_info_recv_n(): unknown notify message, no phase2 
handle found.
Sep 20 18:00:46 firewall racoon: ERROR: 
isakmp_inf.c:1247:isakmp_info_recv_d(): delete payload with invalid doi:0.
Sep 20 18:00:46 firewall ipmon[83]: 18:00:45.837380 sis0 @0:21 b 
172.30.200.119,1441 -> x.x.146.37,3306 PR tcp len 20 45 -AFP IN
Sep 20 18:00:50 firewall racoon: ERROR: 
isakmp_inf.c:141:isakmp_info_recv(): ignore information because the 
message has no hash payload.
Sep 20 18:00:52 firewall racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): 
respond new phase 1 negotiation: x.x.148.2[500]<=>x.x.146.35[500]
Sep 20 18:00:52 firewall racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): 
begin Aggressive mode.
Sep 20 18:00:52 firewall racoon: WARNING: 
ipsec_doi.c:3067:ipsecdoi_checkid1(): ID type mismatched.
Sep 20 18:00:52 firewall racoon: WARNING: 
ipsec_doi.c:3082:ipsecdoi_checkid1(): ID value mismatched.
Sep 20 18:00:53 firewall racoon: INFO: 
isakmp.c:2459:log_ph1established(): ISAKMP-SA established 
x.x.148.2[500]-x.x.146.35[500] spi:20dfb2814af00258:4077d0f9efb6c5e3
Sep 20 18:00:55 firewall racoon: INFO: 
isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 
x.x.148.2[0]<=>x.x.146.35[0]
Sep 20 18:00:55 firewall racoon: ERROR: 
isakmp_quick.c:2030:get_proposal_r(): no policy found: x.x.146.32/28[0] 
172.30.200.0/24[0] proto=any dir=in
Sep 20 18:00:55 firewall racoon: ERROR: 
isakmp_quick.c:1071:quick_r1recv(): failed to get proposal for responder.
Sep 20 18:00:55 firewall racoon: ERROR: 
isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Sep 20 18:00:55 firewall ipmon[83]: 18:00:55.361376 sis2 @0:23 b 
67.68.253.59,2829 -> x.x.148.2,139 PR tcp len 20 48 -S IN
Sep 20 18:00:59 firewall racoon: INFO: 
isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 
x.x.148.2[0]<=>x.x.146.35[0]
Sep 20 18:00:59 firewall racoon: ERROR: 
isakmp_quick.c:2030:get_proposal_r(): no policy found: x.x.146.32/28[0] 
172.30.200.0/24[0] proto=any dir=in
Sep 20 18:00:59 firewall racoon: ERROR: 
isakmp_quick.c:1071:quick_r1recv(): failed to get proposal for responder.
Sep 20 18:00:59 firewall racoon: ERROR: 
isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Sep 20 18:01:00 firewall racoon: ERROR: 
isakmp_inf.c:141:isakmp_info_recv(): ignore information because the 
message has no hash payload.
Sep 20 18:01:05 firewall ipmon[83]: 18:01:04.567690 sis0 @0:3 b 
172.30.200.13 -> 224.0.0.1 PR igmp len 24 (32) IN
Sep 20 18:01:07 firewall racoon: INFO: 
isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 
x.x.148.2[0]<=>x.x.146.35[0]
Sep 20 18:01:07 firewall racoon: ERROR: 
isakmp_quick.c:2030:get_proposal_r(): no policy found: x.x.146.32/28[0] 
172.30.200.0/24[0] proto=any dir=in
Sep 20 18:01:07 firewall racoon: ERROR: 
isakmp_quick.c:1071:quick_r1recv(): failed to get proposal for responder.
Sep 20 18:01:07 firewall racoon: ERROR: 
isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Sep 20 18:01:10 firewall racoon: ERROR: pfkey.c:804:pfkey_timeover(): 
x.x.146.35 give up to get IPsec-SA due to time up to wait.
Sep 20 18:01:23 firewall racoon: INFO: 
isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 
x.x.148.2[0]<=>x.x.146.35[0]
Sep 20 18:01:23 firewall racoon: ERROR: 
isakmp_quick.c:2030:get_proposal_r(): no policy found: x.x.146.32/28[0] 
172.30.200.0/24[0] proto=any dir=in
Sep 20 18:01:23 firewall racoon: ERROR: 
isakmp_quick.c:1071:quick_r1recv(): failed to get proposal for responder.
Sep 20 18:01:23 firewall racoon: ERROR: 
isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.