Hi carnold6,

> I think this is a certificate issue

This then would be a *policy* issue, IMO: It should technically be possible either with PSK or certificates, I believe. If one side (i.e. SonicWall) does not like PSK, that's no technical reason ;-) But IMO certificates are the way to go anyhow, so I really suggest following that advice.

> What CA management can I use to get this done? Using kde desktop

SLES11 does have a CA module, so that would run under KDE. But as we've been running our own CA for longer than we've been using Linux enterprise versions, we're used to using the openssl command line interface and/or our own wrappers. A short openssl how-to can be found in the strongSwan docs, i.e. http://www.strongswan.org/docs/readme4.htm#section_3. I suppose there are newer docs in the Wiki, but that old one should still apply. When it comes to questions about the YaST CA module, others will have to jump in...

When we tested some commercial VPN terminators, we sometimes had difficulties importing our own certificates into those devices: they expected the DN ("certificate subject") to be outright simple, i.e. to consist of only a single element. That was against our CA policy, so we dropped those devices. But I trust your SonicWall to be more professional than that.
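
An added example, not part of the original post and not the poster's own wrappers or the strongSwan how-to: a minimal openssl command-line CA that issues one gateway certificate with a multi-element subject DN, then counts the DN elements so the certificate can be checked before it is imported into a VPN device. It assumes `openssl` is on the PATH; all names (Example Org, vpn-gw.example.test) and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example; every name below is a constructed placeholder.
set -e

# Create a self-signed root CA (key + certificate) in directory $1.
make_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
C = DE
O = Example Org
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a gateway certificate with a four-element subject DN, signed by the CA in $1.
issue_gateway() {
    cat > "$1/gw.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
C = DE
O = Example Org
OU = VPN
CN = vpn-gw.example.test
[v3_gw]
basicConstraints = CA:FALSE
subjectAltName = DNS:vpn-gw.example.test
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$1/gw.cnf" \
        -keyout "$1/gw.key" -out "$1/gw.csr" 2>/dev/null
    openssl x509 -req -in "$1/gw.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/gw.cnf" \
        -extensions v3_gw -out "$1/gw.crt" 2>/dev/null
}

# Print the number of elements (RDNs) in the subject DN of certificate $1.
dn_elements() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline | grep -c ' = '
}
# Usage: d=$(mktemp -d); make_ca "$d"; issue_gateway "$d"; dn_elements "$d/gw.crt"
```

`openssl verify -CAfile ca.crt gw.crt` confirms the chain; the CA certificate (`ca.crt`) is what the peer needs as its trust anchor.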