Friday, February 06, 2009

Vyatta (Openswan) versus SonicWALL IPSec

After some hair pulling, I found out how to set up a Vyatta <-> SonicWALL IPSec site-to-site tunnel.

Vyatta 4.1.4 uses Openswan 2.4.2, which can interoperate with SonicWALL. It turns out it needs some specific settings, though, and some of those options were not available in the configuration setup.
Thankfully, being Linux, I could just vim /etc/ipsec.conf and tweak the Openswan settings.


# ipsec.conf
# these are the options which should be in your tunnel's conn section:
esp=3des-md5        # instead of esp=3des-md5-modp1024 (no DH group appended to the phase 2 proposal)
pfs=yes             # this is changeable by the configuration commands I believe
keyexchange=ike     # not exposed by the Vyatta configuration commands
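As an added illustration (not the author's own file), here is what a complete Openswan 2.4 conn section looks like once those three options are folded in. It goes under the existing config setup section of /etc/ipsec.conf; the public addresses and the subnets behind each gateway are placeholders from the RFC 5737 documentation ranges, and the SonicWALL side is assumed to be configured with a matching 3DES/MD5/DH group 2 proposal for both phases.

```conf
# Added example, not the author's configuration.
# Vyatta (Openswan 2.4) <-> SonicWALL site-to-site tunnel.
# Addresses and subnets are placeholders; replace them with your own.
conn vyatta-to-sonicwall
        type=tunnel
        authby=secret                  # pre-shared key, kept in /etc/ipsec.secrets
        # Vyatta side
        left=192.0.2.1
        leftid=192.0.2.1
        leftsubnet=10.0.1.0/24
        # SonicWALL side
        right=198.51.100.1
        rightid=198.51.100.1
        rightsubnet=10.0.2.0/24
        # Phase 1: must match the SonicWALL IKE proposal (3DES, MD5, DH group 2 = modp1024)
        keyexchange=ike
        ike=3des-md5-modp1024
        ikelifetime=28800s
        # Phase 2: no DH group appended to esp= (see the post above); with pfs=yes
        # Openswan reuses the phase 1 group for PFS, which is what the SonicWALL
        # side is assumed to expect
        esp=3des-md5
        pfs=yes
        keylife=28800s
        # bring the tunnel up when ipsec starts
        auto=start
```

The matching /etc/ipsec.secrets entry is a single line of the form `192.0.2.1 198.51.100.1 : PSK "your-shared-secret"`, with the same two gateway addresses as left and right. The proposals mirror what the post reports as working; if both ends support AES and SHA1, prefer those over 3DES and MD5, keeping the two sides identical.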

Wednesday, February 04, 2009

Vyatta, network setup.

VICTORY! or almost...

I managed to set up the internet, NAT, firewall, and poke the holes I needed. Now all that's left is the VPN tunnel.

I have also set up a separate machine running Dnsmasq as a DNS cache/DHCP server, and an HTTP(S) reverse proxy. Which is nice, because I have a single fixed IP and I want different machines to serve separate subdomains, like using Zimbra to serve webmail.mydomain.com, my database web interface from db.mydomain.com, and the plain websites from www.mydomain.com.

Word of advice: use the Apache Header module to make sure you are telling the browser to NOT cache your pages, at least while you are setting it up. Would have saved me a few headaches if I had done it prior to trying to set up the reverse proxy.
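Added example, not the author's configuration: an Apache 2.2 reverse proxy with one name-based virtual host per subdomain from the post, each forwarded to an internal machine and each sending mod_headers no-cache headers while the setup is being debugged. The backend addresses are placeholders, and the example assumes mod_proxy, mod_proxy_http and mod_headers are loaded.

```conf
# Added example, not the author's configuration.
# Backend addresses are placeholders; mydomain.com is the post's own placeholder domain.
NameVirtualHost *:80

# Only the explicit ProxyPass rules below are served; never act as an open forward proxy.
ProxyRequests Off
# Pass the original Host header through so each backend sees its own subdomain.
ProxyPreserveHost On

<VirtualHost *:80>
    ServerName webmail.mydomain.com
    ProxyPass        / http://10.0.1.10/
    ProxyPassReverse / http://10.0.1.10/
    # Tell browsers not to cache anything while the proxy setup is being worked out.
    Header set Cache-Control "no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires "0"
</VirtualHost>

<VirtualHost *:80>
    ServerName db.mydomain.com
    ProxyPass        / http://10.0.1.20/
    ProxyPassReverse / http://10.0.1.20/
    Header set Cache-Control "no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires "0"
</VirtualHost>

<VirtualHost *:80>
    ServerName www.mydomain.com
    ProxyPass        / http://10.0.1.30/
    ProxyPassReverse / http://10.0.1.30/
    Header set Cache-Control "no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires "0"
</VirtualHost>
```

Once the proxy behaves, remove the three Header lines (or scope them to the paths that really must not be cached) so static content can be cached again. ProxyRequests Off is worth keeping permanently: a reverse proxy that also answers forward-proxy requests can be used to reach hosts behind it.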