Tag: vpn

FreeS/WAN Sonicwall example

Here’s a (possibly) handy little set of configs and such to help you get
the FreeS/WAN IPsec implementation working with a SonicWall firewall in tunnel mode. It should work in transport mode with minimal changes, but I have not tested that myself.

This is a working config with the sensitive information obscured (mostly the external IPs of the firewalls and the pre-shared key).

“fre.esw.an.ip” = FreeS/WAN gateway IP and
“son.icw.all.ip” = SonicWall gateway IP.

I’ve found other examples which state you need the “SonicWall Unique Identifier”, but I found this to be unnecessary (in fact, I couldn’t get it working correctly using any leftid= combination).

Diagram

    Left Network
     10.0.0.0/8
          |
--------------------
|   FreeSwan GW    |
|  fre.esw.an.ip   |
--------------------
          |
  The InterNET(tm)
          |
--------------------
|   SonicWall GW   |
|  son.icw.all.ip  |
--------------------
          |
    Right Network
   192.168.1.0/24

ipsec.conf

config setup
	interfaces=%defaultroute
	klipsdebug=none
	plutodebug=none
	plutoload=%search
	plutostart=%search
	plutowait=no
	uniqueids=yes

conn fswn-swll
	# PFS doesn't work so turn it off.
	# Caveat: without PFS the ESP keys are derived from the IKE SA's
	# keying material, so a compromise of that material exposes the
	# data keys for the whole ikelifetime; re-enable pfs=yes if the
	# SonicWall firmware supports it.
	pfs=no
	keyingtries=0
	ikelifetime=28800
	keylife=5h
	disablearrivalcheck=no
	# FreeS/WAN side
	left=fre.esw.an.ip
	leftsubnet=10.0.0.0/8
	leftnexthop=%defaultroute
	# SonicWall side
	right=son.icw.all.ip
	rightsubnet=192.168.1.0/24
	authby=secret
	# With auto=add you'll need to run "ipsec auto --up fswn-swll" to
	# bring this up; use auto=start instead if you want it started at
	# boot, but that's just basic FreeS/WAN stuff.
	auto=add

ipsec.secrets

fre.esw.an.ip son.icw.all.ip : PSK "allthefish"
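As an added example (not from the original post or from the FreeS/WAN project), the following POSIX shell script checks that ipsec.secrets actually names both gateways of the conn, replaces the placeholder PSK "allthefish" with a random one, and brings the tunnel up with the real FreeS/WAN commands ipsec auto --up and ipsec eroute when the ipsec tool is present. The conn name, the placeholder addresses and the file layout are the post's; the function names, the 20-character minimum PSK length and the sample files the script constructs are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes only POSIX sh, awk,
# head/base64 and (optionally) FreeS/WAN's "ipsec" command with its
# "auto --up" and "eroute" subcommands. The conn name, placeholder
# addresses and file layout are the ones from the post above.

CONN=fswn-swll

# Generate a replacement for the placeholder PSK "allthefish":
# 32 random bytes, base64-encoded (44 chars, never contains a quote).
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print the value of KEY= inside "conn NAME" in CONF.
# index()==1 matches "left=" but not "leftsubnet=" or "leftnexthop=".
get_conn_field() {
    awk -v name="conn $3" -v key="$2" '
        /^conn /                            { in_conn = ($0 == name) }
        in_conn && index($1, key "=") == 1  { sub(/^[^=]*=/, "", $1); print $1; exit }
    ' "$1"
}

# Pluto selects the PSK by matching the peer IDs against the list before
# ":" (order does not matter), so check that one line names both the
# left= and right= addresses of the conn.
# Usage: check_secrets CONF SECRETS CONN ; returns 0 if such a line exists.
check_secrets() {
    conf=$1; secrets=$2; conn=$3
    left=$(get_conn_field "$conf" left "$conn")
    right=$(get_conn_field "$conf" right "$conn")
    if [ -z "$left" ] || [ -z "$right" ]; then
        echo "conn $conn: missing left= or right=" >&2
        return 1
    fi
    awk -v l="$left" -v r="$right" '
        { hl = 0; hr = 0
          for (i = 1; i <= NF && $i != ":"; i++) { if ($i == l) hl = 1; if ($i == r) hr = 1 }
          if (hl && hr && $i == ":" && $(i + 1) == "PSK") found = 1 }
        END { exit !found }
    ' "$secrets"
}

# Return 0 only if every quoted PSK in SECRETS has at least MIN characters;
# the post's placeholder "allthefish" (10 chars) fails this on purpose.
check_psk_length() {
    awk -v min="$2" '
        match($0, /"[^"]*"/) { if (RLENGTH - 2 < min) short = 1 }
        END { exit short }
    ' "$1"
}

# Write a single-PSK ipsec.secrets readable only by its owner (umask 077).
write_secrets() {
    secrets=$1; left=$2; right=$3; psk=$4
    ( umask 077; printf '%s %s : PSK "%s"\n' "$left" "$right" "$psk" > "$secrets" )
}

# Bring the tunnel up and show the kernel eroutes, if FreeS/WAN is installed.
# With auto=add, "ipsec auto --up" is what actually starts negotiation.
tunnel_up() {
    if ! command -v ipsec >/dev/null 2>&1; then
        echo "ipsec tool not found; skipping tunnel bring-up" >&2
        return 0
    fi
    ipsec auto --up "$CONN" || return 1
    ipsec eroute   # expect an entry for 10.0.0.0/8 -> 192.168.1.0/24 via tun
}

# Demo on files constructed from the post's config (not a live system).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/ipsec.conf" <<'EOF'
conn fswn-swll
    left=fre.esw.an.ip
    leftsubnet=10.0.0.0/8
    leftnexthop=%defaultroute
    right=son.icw.all.ip
    rightsubnet=192.168.1.0/24
    authby=secret
    auto=add
EOF
    write_secrets "$dir/ipsec.secrets" fre.esw.an.ip son.icw.all.ip "$(gen_psk)"
    check_secrets "$dir/ipsec.conf" "$dir/ipsec.secrets" "$CONN" && echo "secrets: both peers named"
    check_psk_length "$dir/ipsec.secrets" 20 && echo "secrets: PSK length ok"
    rm -rf "$dir"
}

demo
```

Keep ipsec.secrets owned by root with mode 0600, and put the same PSK, byte for byte, into the SonicWall's IKE configuration for this peer; a mismatch shows up as a Phase 1 authentication failure rather than anything more descriptive.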

Advanced routing with FreeSWAN IPSEC

We had advanced routing working with FreeSWAN on Linux. I’m amazed it works, especially with the bridging we had in place between 2 other interfaces on the same box (I’m just a tad cynical about the FreeSWAN stuff sometimes) (read: all the time).