LinuxQuestions.org

Linux - Networking: Need urgent help to connect from Openswan in CentOS to a Sonicwall router (https://www.linuxquestions.org/questions/linux-networking-3/need-urgent-help-to-connect-from-openswan-in-centos-to-a-sonicwall-router-4175437547/)

sudipdutta1978 11-17-2012 04:12 AM

Need urgent help to connect from Openswan in CentOS to a Sonicwall router
 
Hi, I am unable to establish a tunnel to a Sonicwall box. I am NATed and behind a router, and I already have the correct pre-shared key and unique identifier. Below is the log that I am getting -

ipsec auto --up sonicwall
104 "sonicwall" #1: STATE_MAIN_I1: initiate
003 "sonicwall" #1: ignoring unknown Vendor ID payload [5b362bc820f60007]
003 "sonicwall" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "sonicwall" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #1: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
003 "sonicwall" #1: received Vendor ID payload [XAUTH]
003 "sonicwall" #1: received Vendor ID payload [Dead Peer Detection]
003 "sonicwall" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
108 "sonicwall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
031 "sonicwall" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "sonicwall" #1: starting keying attempt 2 of an unlimited number, but releasing whack

Below is my ipsec.conf -

# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    #klipsdebug=none
    #plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    #virtual_private=
    oe=off
    # Enable this if you see "failed to find any available worker"
    nhelpers=1
    interfaces="%defaultroute"

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf

conn sonicwall
    type=tunnel
    left=XX.XX.XX.XX # My local linux machine IP
    leftsubnet=XX.XX.XX.XX/24 # The subnet of your local Linux machine
    leftid=@GroupVPN # Same as given in Sonicwall
    leftxauthclient=yes
    right=XX.XX.XX.XX # Sonicwall VPN IP
    rightsubnet=XX.XX.XX.XX/24 # Sonicwall LAN subnet
    rightid=@XXXXXXXXXXX # Sonicwall Unique Identifier
    rightxauthserver=yes
    keyingtries=0
    pfs=no
    auto=add
    auth=esp
    esp=3DES-SHA1 # protocol used for authentication in sonicwall
    ike=3DES-SHA1-modp1024
    authby=secret
    aggrmode=no

my ipsec.secret contains -

@GroupVPN @XXXXXXXXXX : PSK "XXXXXXX"


I also tried with a non-NATed connection, i.e. from a live IP directly, with the same result.

Below is the output of IPSEC verify -

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K2.6.18-308.el5 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]


Can anybody tell me where it is going wrong? Any help is much appreciated.

Thanks and Regards,

Sudip
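To turn the retransmission pattern in a pluto log like the one above into a quick diagnosis, here is an added Python example (not code from the original post or from Openswan) that parses the whack-style status lines, records the last IKEv1 main-mode state reached, counts retransmissions and picks a hint for where phase 1 stalled. The status-code meanings and the per-state hints are assumptions based on Openswan's conventions, and the sample log is constructed from the lines in the post.

```python
import re

# Constructed sample, taken from the post: leading 3-digit whack status code,
# quoted conn name, state-object number, then the message.
SAMPLE_LOG = """\
104 "sonicwall" #1: STATE_MAIN_I1: initiate
003 "sonicwall" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "sonicwall" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
108 "sonicwall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "sonicwall" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
"""

LINE_RE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE_RE = re.compile(r'STATE_(MAIN|AGGR|QUICK)_([IR]\d)')

# Assumed hints: what "no reply" at each main-mode initiator state usually means.
MAIN_MODE_HINTS = {
    "I1": "no answer to the first proposal: peer unreachable, UDP/500 blocked or proposal silently rejected",
    "I2": "DH/nonce exchange unanswered: DH group mismatch or large-packet fragmentation problem",
    "I3": "first encrypted message (MI3) not accepted: PSK or ID mismatch, or UDP/4500 replies not reaching this host",
}

def analyze_pluto_log(text):
    """Summarise one conn's IKE phase-1 attempt from pluto/whack log lines."""
    summary = {"conn": None, "last_state": None, "retransmits": 0,
               "nated": False, "fatal": None, "hint": None}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a pluto status line
        code, conn, _sa, msg = m.groups()
        summary["conn"] = conn
        s = STATE_RE.search(msg)
        if s:
            summary["last_state"] = s.group(1) + "_" + s.group(2)
        if code == "010":          # retransmission notice
            summary["retransmits"] += 1
        if "i am NATed" in msg:    # NAT-T detection result
            summary["nated"] = True
        if code == "031":          # fatal: retransmit limit reached
            summary["fatal"] = msg
    if summary["last_state"]:
        summary["hint"] = MAIN_MODE_HINTS.get(summary["last_state"].split("_")[1])
    return summary
```

For the posted log this reports the attempt dying in MAIN_I3 with two retransmits behind NAT, which is consistent with the PSK/ID-mismatch or blocked-return-path reading.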

smallpond 11-19-2012 07:26 AM

The output of the ipsec commands looks like your Linux box is getting valid packets, but the other end is not seeing the responses. Check your route table, firewall rules and your hardware.

