- #Using ipsecuritas with sonicwall pro
- #Using ipsecuritas with sonicwall mac
- #Using ipsecuritas with sonicwall windows
Second, the web management interface is extremely wonky.
#Using ipsecuritas with sonicwall windows
(By the way, it works just fine on Windows SSL VPN clients, so I know it's not a config error on the firewall.) How something this basic got by their QA department is totally beyond me. Watchguard has confirmed that this is a bug, but they cannot commit to a time frame for a fix.
It then will respond to DNS requests for internal hosts only - that is to say, it breaks name resolution for anything outside the VPN. The moment you establish the tunnel, it overwrites your DNS settings with the nameserver for the secure network. It connects up just fine, but split DNS is broken. I really wanted to love it, because it's a lot of promised functionality for a great price, but I'm extremely disappointed in this purchase.įirst of all, the SSL VPN does not work correctly on a Mac.
#Using ipsecuritas with sonicwall mac
Do not buy Watchguard if you need Mac support. Well, here we are a few weeks later, and I'm reporting in as promised.Īnd the verdict is. That being said, I'm happy to report I have no coexistence issues. I do find myself disappointed that a standard hasn't developed for delivering an SSL/TLS VPN that would permit use of a single, possibly OS integrated, client. VPN delivered over TCP 443 are really quite convenient as some places (companies, hotels, etc) limit outbound ports, including UDP/TCP 5 preventing IPSEC negotiation. I'm still trying to pin this down as it's a pain for my clients. The biggest issue I have is that the NetExtender client doesn't always correctly set the appropriate DNS server or search domain, so name resolution doesn't always work as expected. They're all effective with few to no issues.
#Using ipsecuritas with sonicwall pro
Check StatusĪt this point, the SonicWall should show a green dot on the VPN policy line you created. Also do the same if you have Iptables in use on the StrongSwan server. In the advanced tab I enabled keep-alive.Īlso, remember to add firewall rules to allow traffic to flow between networks in SonicWall. The remote network zone should be a “VPN” zone.įor the proposal we must match the parameters in /etc/nf. The “Shared Secret” field should contain the same random string you put into the /etc/crets file. However, you need to configure the other endpoint first before you will see an active connection and a security association.