Creating a VPN tunnel between Ubuntu and Sonicwall
Yesterday I walked you through the process of connecting to a Microsoft PPTP VPN (see my article "Connecting to a Microsoft VPN with Linux"). That article used a simple GUI tool to create the VPN tunnel. Unfortunately, there is no magic plugin you can add to the Network Manager Applet to support the Sonicwall VPN. Instead, you have to do things manually. That's right - it's all command line from here. But don't worry, it's not terribly difficult... just a lot of typing. And, of course, you will have to bring your connection up and down manually. But if you're stuck having to make a connection to a Sonicwall VPN, and you're using Linux, as of right now it's your only hope.
What you need
To make this connection happen you are going to need a few bits of information:
- Unique Firewall Identifier: This is on the VPN Settings page of your Sonicwall router. If you do not have access to the router itself, you might have to nicely ask your IT department.
- Shared secret key: This is also taken from your Sonicwall router.
NOTE: In order for this to work, the Sonicwall must be set to IKE Using Preshared Secret. Either set it as such or ask your IT department if it is (and, if not, if it can be). The Sonicwall also has to have the Proposals set as such:
- Phase 1: Group5, 3DES, SHA1, 28800
- Phase 2: ESP, 3DES, SHA1
- Enable Perfect Forward Secrecy, set DH Group to Group 5, and Lifetime to 28800
It might be a lot to ask your IT department, but if you want to make that connection using Linux, it's a must.
On your Linux client you will need to install OpenSwan. You can do this from the Synaptic Package Manager by following these steps:
- Open up Synaptic.
- Search for "openswan" (no quotes).
- Mark OpenSwan for installation.
- Click Apply to install.
There are two files you have to configure. The first file is /etc/ipsec.conf. The configuration needs to look like:
Where all fields in ALL CAPS are unique to your setup.
Now you need to add one line to /etc/ipsec.secrets. This line looks like:
@home @SONICWALL_UNIQUE_IDENTIFIER : PSK "SHARED_SECRET_KEY"
Now you are ready to test out your connection.
Bringing it up and taking it down
There are three commands you need to bring up your tunnel:
sudo ipsec setup --start
sudo ipsec auto --add sonicwall
sudo ipsec whack --name sonicwall --initiate
Once you've initiated that final command you should be able to open up Places > Network (That's in GNOME of course) and find your VPN machines. If not, wait a moment and re-open Places > Network.
Once you are done, you can bring down your connection with two commands:
sudo ipsec whack --name sonicwall --terminate
sudo ipsec setup --stop
Of course, instead of having to run those same commands all the time, I would create two scripts, one for starting and one for stopping. Move those scripts to /usr/bin, give them executable permission, and create a menu entry. After that, starting and stopping your VPN connection is simple.
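As an added example (not from the original article), here is one wrapper script that covers both start and stop, and that refuses to bring the tunnel up if /etc/ipsec.conf has no "conn sonicwall" section or if /etc/ipsec.secrets, which holds the preshared key, is accessible to group or other users. The script name sonicwall-vpn and the function names are hypothetical, and it assumes it is run with sudo.

```shell
#!/bin/sh
# Added example: wraps the article's up/down commands with two safety checks.
# Hypothetical usage: sudo sonicwall-vpn up | sudo sonicwall-vpn down
CONN="${CONN:-sonicwall}"                  # connection name used in the article
CONF="${CONF:-/etc/ipsec.conf}"
SECRETS="${SECRETS:-/etc/ipsec.secrets}"   # contains the PSK in clear text

# Succeeds only if the file exists and grants nothing to group/other.
secrets_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if FILE ($2) contains a "conn NAME" section header for NAME ($1).
conn_defined() {
    grep -Eq "^conn[[:space:]]+$1[[:space:]]*(#.*)?\$" "$2"
}

# Checks run before any ipsec command is issued.
preflight() {
    conn_defined "$CONN" "$CONF" ||
        { echo "no 'conn $CONN' section in $CONF" >&2; return 1; }
    secrets_private "$SECRETS" ||
        { echo "$SECRETS missing or open to group/other (chmod 600)" >&2; return 1; }
}

vpn_up() {
    preflight || return 1
    ipsec setup --start &&
    ipsec auto --add "$CONN" &&
    ipsec whack --name "$CONN" --initiate
}

vpn_down() {
    ipsec whack --name "$CONN" --terminate
    ipsec setup --stop
}

main() {
    case "$1" in
        up)   vpn_up ;;
        down) vpn_down ;;
        *)    echo "usage: $0 up|down" >&2; return 2 ;;
    esac
}

# Do nothing unless an argument is given.
if [ "$#" -gt 0 ]; then main "$@"; fi
```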
It's not as simple as connecting to a Microsoft VPN but at least there is a way to connect to your Sonicwall VPN. Good luck!