“Aggressive Mode” can only be disabled for a site-to-site VPN (which can run in “Main Mode”). That didn’t help me as I’m not running site-to-site. The only alternative to Pre-Shared Key authentication is to use certificates. They sent me a wonderful out-of-date SonicWALL PDF document on using certificates. I read it and didn’t understand it.

Before expending effort to fix this problem I first wanted to satisfy myself that a “traditional” VPN is still a good choice. Surely SSL VPN is the preferred way these days? After all, it needs special client software and gives the computers that connect full access to the LAN as if they were right there in the building. Sure enough, articles from Cisco or Barracuda, for example, highlight the advantages of SSL VPN. Our experience with the “portal” concept of SSL VPN has been disappointing (i.e., applications responding very slowly or not working at all). And when your remote office staff tell you that the IPSec VPN works better for them, you need to take notice. On balance, therefore, we decided we had to bite the bullet and make our SonicWALL VPN behave.

Making this work was a three-step process:

1. Install our wildcard SSL certificate on the SonicWALL. I enlisted the help of a local IT consultant, who was able to get to grips with SonicWALL’s convoluted documentation to do this.
2. On the SonicWALL router, reconfigure the WAN GroupVPN (under VPN | Settings) to use IKE Using 3rd Party Certificates instead of IKE Using Preshared Secret (another term for pre-shared key).
3. Install the same certificate on the SonicWALL Global VPN Client (GVC) on each client machine.

In this post I’ll describe step 1 in detail. A future post will cover the other two steps.

The other options should be fairly obvious.
Gateway ID :
Phase 1 Algorithms : 3des-sha1-modp1024!

In the network-manager-l2tp IPsec Options dialog box, enable IPsec and use the following options:

You will need to log out of your desktop environment (or reboot) for gnome-shell to properly pick up the installed plugin.

Prerequisite packages (note: you can safely copy and paste the \ shell line continuation character):

sudo apt install \

Unfortunately the version of network-manager-l2tp in the Ubuntu repository won't support the Gateway ID, so you will need to build from source.

You might find it easier to use the network-manager-l2tp VPN GUI client which uses strongswan and xl2tpd to do L2TP/IPsec connections.

So the ike (phase 1) and esp (phase 2) lines should be:

ike=3des-sha1-modp1024!

I then used netExtender by SonicWall to make the connection work and now use Remmina as my remote desktop client.

According to the following page, Diffie Hellman Group 2 is modp1024:

In the end, it turned out to be most likely a setting in the firewall.

Installation worked fine, but I fear I miss something in the configuration.

For ipsec.conf and ipsec.secrets, see above.

Unfortunately, the connection still won't set up.

Took me some time, but I finally tried the wonderful answer from Kosovic.

Please let me know in case I missed some important information, I will then try to add it.

# Following line was added by NetworkManager-l2tp

And after setting up things correctly, how can I then connect to my company computer as it would be possible with Remote Desktop on a Windows machine?

# SonicWall unique for /etc/ipsec.secrets:
: PSK "MY%SHARED%SECRET"

I tried this as /etc/ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file