Jonathan Simpson wrote:
> I've been struggling with this for days. I'm trying to establish a
> connection between us and one of our business partners; we have a
> m0n0wall at our end and they have a sonicwall. We are both using main
> mode, all other settings have been checked over to match a dozen
> times, identifier is IP. The only error I see in my logs (there are
> lots of debugs) is racoon: ERROR:
> not acceptable Identity Protection mode.
>
> I've googled this error a dozen times over and all I can find is a
> reference to doing this on a netgear and aggressive/main not
> matching. This shouldn't be an issue there. The guy on the remote
> side claims the connection is timing out.
>
> Sorry for the long-winded question, I really don't have that much
> ipsec knowledge. I appreciate any help.
>
> Jonathan
Hi,
I'm personally using the following configuration, with a sonicwall and
a monowall, and it works. You might give it a try:
Phase 1:
--------
Main Mode
DH Group: Group 2
Encryption: 3DES
Authentication: MD5
Phase 2:
--------
ESP
Encryption: 3DES
Authentication: MD5
Enable Perfect Forward Secrecy: disabled
This is certainly not the most secure VPN tunnel ever, but sufficient in
our case.
I'm using monowall 1.22 and SonicOS Enhanced 3.2.0.3-54e.
Hope this helps.
Regards,
Philippe Lang
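
An added example, not part of either message: "Identity Protection" is the ISAKMP name for main mode, and racoon logs "not acceptable ... mode" as responder when the peer's first packet uses an exchange type that the remote section it selected does not allow. The sketch below triages such log lines; the sample log, the function name `triage` and the `local_modes` parameter are constructed for illustration.

```python
import re

# ISAKMP exchange-type names as racoon prints them, mapped to the mode
# names used in firewall GUIs and in racoon's exchange_mode setting.
ETYPE_TO_MODE = {
    "Identity Protection": "main",
    "Aggressive": "aggressive",
    "Base": "base",
}

ERR_RE = re.compile(r"racoon: ERROR: not acceptable (?P<etype>.+?) mode\s*$")

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 10:00:00 racoon: DEBUG: constructed sample line, ignored by the parser
Jan 10 10:00:01 racoon: ERROR: not acceptable Identity Protection mode
Jan 10 10:00:11 racoon: ERROR: not acceptable Aggressive mode
"""


def triage(log_text, local_modes):
    """Return one finding per 'not acceptable ... mode' line.

    local_modes: set of modes the operator believes are enabled locally,
    e.g. {"main"} (hypothetical parameter for this example).
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = ERR_RE.search(line)
        if not m:
            continue
        etype = m.group("etype")
        mode = ETYPE_TO_MODE.get(etype, "unknown")
        if mode in local_modes:
            # Both ends agree on paper, so the rejection came from the
            # remote section racoon actually selected for this peer.
            hint = ("peer offered %s mode, which you expect to be allowed; "
                    "inspect exchange_mode in the remote section racoon "
                    "selected for this peer" % mode)
        else:
            hint = ("peer offered %s mode; local side expects %s"
                    % (mode, "/".join(sorted(local_modes))))
        findings.append({"line": lineno, "etype": etype,
                         "peer_mode": mode, "hint": hint})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, {"main"}):
        print(finding["line"], finding["hint"])
```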